Date:      Tue, 8 May 2001 04:03:48 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        audit@FreeBSD.org
Subject:   ping6 fixes
Message-ID:  <20010508040347.A93281@xor.obsecurity.org>



Turns out ping6 wasn't dropping root privs. I don't think this is
necessarily a problem, but it's bad practise.  The patch again uses
seteuid() which is probably a NOP, but that's what KAME have now
(obtained from OpenBSD), so we might as well do it.

I also merged the superuser limitation on the '-s' flag.  Still to do
are to check/fix the SIGALRM signal handling fixes from ping.

Kris

Index: ping6.8
===================================================================
RCS file: /mnt/ncvs/src/sbin/ping6/ping6.8,v
retrieving revision 1.9
diff -u -r1.9 ping6.8
--- ping6.8	2001/02/22 19:00:51	1.9
+++ ping6.8	2001/05/08 10:59:15
@@ -259,6 +259,7 @@
 You may need to specify
 .Fl b
 as well to extend socket buffer size.
+Only the super-user may use this option.
 .It Fl v
 Verbose output.
 .Tn ICMP
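
Review bot: "this option" in the added sentence is ambiguous, because it directly follows the sentence about ".Fl b" and can be read as restricting -b rather than -s. Naming the flag explicitly (for example with ".Fl s" in the sentence) and stating that ping6 exits with an error for other users would match what the ping6.c change does.
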
Index: ping6.c
===================================================================
RCS file: /mnt/ncvs/src/sbin/ping6/ping6.c,v
retrieving revision 1.8
diff -u -r1.8 ping6.c
--- ping6.c	2000/12/04 13:38:59	1.8
+++ ping6.c	2001/05/08 11:01:00
@@ -126,6 +126,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sysexits.h>
 #include <unistd.h>
=20
 #ifdef IPSEC
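
Review bot: only <sysexits.h> is added here, but the -s hunk below also assigns errno and uses EPERM, and <errno.h> does not appear in the include lines visible in this context (stdio.h, stdlib.h, string.h, unistd.h). Please confirm it is already included further up in the file, or add it in this hunk alongside <sysexits.h>.
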
@@ -423,6 +424,10 @@
 			usepktinfo++;
 			break;
 		case 's':		/* size of packet to send */
+			if (getuid()) {
+				errno =3D EPERM;
+				err(EX_NOPERM, "-s flag");
+			}=09
 			datalen =3D strtol(optarg, &e, 10);
 			if (datalen <=3D 0 || *optarg =3D=3D '\0' || *e !=3D '\0')
 				errx(1, "illegal datalen value -- %s", optarg);
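
Review bot: the new permission check in case 's' exits with EX_NOPERM while the datalen validation two lines below exits with 1, so the same option now fails with two different exit-code conventions; pick one for the file. The closing brace of the new block also carries a trailing tab, which should be removed. Setting errno by hand just to get the EPERM text from err() works, but the resulting message ("-s flag: Operation not permitted") says little; an errx() call with an explicit message such as "Must be superuser to use -s" would be clearer and would not need the errno assignment.
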
@@ -630,6 +635,10 @@
 			err(1, "setsockopt(IPV6_RECVRTHDRDSTOPTS)");
 #endif
 	}
+
+	/* revoke root privilege */
+	seteuid(getuid());
+	setuid(getuid());
=20
 /*
 	optval =3D 1;
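
Review bot: the return values of seteuid(getuid()) and setuid(getuid()) are not checked, so if either call fails ping6 carries on with root privilege still in place and nothing reports it. Check both results and exit with err() on failure. The order also deserves a second look: because seteuid() runs first, setuid() is then called with a non-root effective uid, so it is worth confirming that the saved set-user-ID is reset as well on the target platform; calling setuid(getuid()) alone while still privileged avoids the question. A short comment saying that all privileged socket setup must be complete before this point would help keep later changes from adding root-only calls below it.
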
