Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 May 2001 04:03:48 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        audit@FreeBSD.org
Subject:   ping6 fixes
Message-ID:  <20010508040347.A93281@xor.obsecurity.org>
next in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
Turns out ping6 wasn't dropping root privs..I don't think this is
necessarily a problem, but it's bad practise.  The patch again uses
seteuid() which is probably a NOP, but that's what KAME have now
(obtained from OpenBSD), so we might as well do it.

I also merged the superuser limitation on the '-s' flag.  Still to do
are to check/fix the SIGALRM signal handling fixes from ping.

Kris

Index: ping6.8
===================================================================
RCS file: /mnt/ncvs/src/sbin/ping6/ping6.8,v
retrieving revision 1.9
diff -u -r1.9 ping6.8
--- ping6.8	2001/02/22 19:00:51	1.9
+++ ping6.8	2001/05/08 10:59:15
@@ -259,6 +259,7 @@
 You may need to specify
 .Fl b
 as well to extend socket buffer size.
+Only the super-user may use this option.
 .It Fl v
 Verbose output.
 .Tn ICMP
Index: ping6.c
===================================================================
RCS file: /mnt/ncvs/src/sbin/ping6/ping6.c,v
retrieving revision 1.8
diff -u -r1.8 ping6.c
--- ping6.c	2000/12/04 13:38:59	1.8
+++ ping6.c	2001/05/08 11:01:00
@@ -126,6 +126,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sysexits.h>
 #include <unistd.h>
 
 #ifdef IPSEC
@@ -423,6 +424,10 @@
 			usepktinfo++;
 			break;
 		case 's':		/* size of packet to send */
+			if (getuid()) {
+				errno = EPERM;
+				err(EX_NOPERM, "-s flag");
+			}	
 			datalen = strtol(optarg, &e, 10);
 			if (datalen <= 0 || *optarg == '\0' || *e != '\0')
 				errx(1, "illegal datalen value -- %s", optarg);
@@ -630,6 +635,10 @@
 			err(1, "setsockopt(IPV6_RECVRTHDRDSTOPTS)");
 #endif
 	}
+
+	/* revoke root privilege */
+	seteuid(getuid());
+	setuid(getuid());
 
 /*
 	optval = 1;

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE699KTWry0BWjoQKURAkr8AJ4zky/G9UblyQP8YD4g/YyzPgBrsQCglvj1
kNI4nDknMKitVu6uromo/Wg=
=ra2m
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010508040347.A93281>