Attachment #4928 for bug #25282

View | Details | Raw Unified | Return to bug 25282
Collapse All | Expand All

Lines 35-40 Link Here

(-)iputils-s20101006.orig/arping.c (-6 / +7 lines)
35	#include <sysfs/libsysfs.h>	35	#include <sysfs/libsysfs.h>
36		36
37	#include "SNAPSHOT.h"	37	#include "SNAPSHOT.h"
		38	#include "fixfds.h"
		39	#include "droppriv.h"
38		40
39	static void usage(void) __attribute__((noreturn));	41	static void usage(void) __attribute__((noreturn));
40		42
Lines 346-361 Link Here
346	{	348	{
347	int socket_errno;	349	int socket_errno;
348	int ch;	350	int ch;
349	uid_t uid = getuid();
350		351
351	s = socket(PF_PACKET, SOCK_DGRAM, 0);	352	s = socket(PF_PACKET, SOCK_DGRAM, 0);
352	socket_errno = errno;	353	socket_errno = errno;
353		354
354	if (setuid(uid)) {
355	perror("arping: setuid");
356	exit(-1);
357	}
358
359	while ((ch = getopt(argc, argv, "h?bfDUAqc:w:s:I:V")) != EOF) {	355	while ((ch = getopt(argc, argv, "h?bfDUAqc:w:s:I:V")) != EOF) {
360	switch(ch) {	356	switch(ch) {
361	case 'b':	357	case 'b':
Lines 504-509 Link Here
504	close(probe_fd);	500	close(probe_fd);
505	};	501	};
506		502
		503	#if 0
		504	drop_priv();
		505	#endif
		506
507	((struct sockaddr_ll *)&me)->sll_family = AF_PACKET;	507	((struct sockaddr_ll *)&me)->sll_family = AF_PACKET;
508	((struct sockaddr_ll *)&me)->sll_ifindex = ifindex;	508	((struct sockaddr_ll *)&me)->sll_ifindex = ifindex;
509	((struct sockaddr_ll *)&me)->sll_protocol = htons(ETH_P_ARP);	509	((struct sockaddr_ll *)&me)->sll_protocol = htons(ETH_P_ARP);
Lines 530-535 Link Here
530	#if 1	530	#if 1
531	set_device_broadcast(device, ((struct sockaddr_ll *)&he)->sll_addr,	531	set_device_broadcast(device, ((struct sockaddr_ll *)&he)->sll_addr,
532	((struct sockaddr_ll *)&he)->sll_halen);	532	((struct sockaddr_ll *)&he)->sll_halen);
		533	drop_priv();
533	#else	534	#else
534	memset(((struct sockaddr_ll )&he)->sll_addr, -1, ((struct sockaddr_ll )&he)->sll_halen);	535	memset(((struct sockaddr_ll )&he)->sll_addr, -1, ((struct sockaddr_ll )&he)->sll_halen);
535	#endif	536	#endif

Lines 20-25 Link Here

(-)iputils-s20101006.orig/clockdiff.c (-4 / +6 lines)
20	#include <arpa/inet.h>	20	#include <arpa/inet.h>
21	#include <errno.h>	21	#include <errno.h>
22	#include <linux/types.h>	22	#include <linux/types.h>
		23	#include "fixfds.h"
		24	#include "dropcap.h"
		25
23		26
24	void usage(void) __attribute__((noreturn));	27	void usage(void) __attribute__((noreturn));
25		28
Lines 539-544 Link Here
539	char hostname[MAX_HOSTNAMELEN];	542	char hostname[MAX_HOSTNAMELEN];
540	int s_errno = 0;	543	int s_errno = 0;
541		544
		545	fix_fds();
		546
542	if (argc < 2) {	547	if (argc < 2) {
543	if (setuid(getuid())) {	548	if (setuid(getuid())) {
544	perror("clockdiff: setuid");	549	perror("clockdiff: setuid");
Lines 550-559 Link Here
550	sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);	555	sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
551	s_errno = errno;	556	s_errno = errno;
552		557
553	if (setuid(getuid())) {	558	drop_cap();
554	perror("clockdiff: setuid");
555	exit(-1);
556	}
557		559
558	if (argc == 3) {	560	if (argc == 3) {
559	if (strcmp(argv[1], "-o") == 0) {	561	if (strcmp(argv[1], "-o") == 0) {




#include <stdlib.h>
#include <error.h>
#include <errno.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <linux/types.h>
#include <sys/capability.h>
#include <sys/prctl.h>

#include "dropcap.h"

extern void drop_cap (void);

void
drop_cap (void)
{
	const char *dir = "/var/resolv";
	cap_t   caps;
	uid_t uid = getuid ();
	gid_t gid = getgid ();

	if (uid && geteuid())
		return;

	if (setgroups (0, NULL) < 0)
		error (EXIT_FAILURE, errno, "setgroups");

	if (prctl (PR_SET_KEEPCAPS, 1))
		error (EXIT_FAILURE, errno, "prctl (PR_SET_KEEPCAPS, 1) failed");

	if (!uid)
	{
		const char *user = "iputils";
		struct passwd *pw = getpwnam (user);

		if (!pw)
			error (EXIT_FAILURE, 0,
			       "lookup of user \"%s\" failed", user);

		gid = pw->pw_gid;
		uid = pw->pw_uid;
		endpwent ();

		if (!uid)
			error (EXIT_FAILURE, 0,
			       "user \"%s\" shouldn't be root", user);
	}

	if (chroot (dir) < 0)
		error (EXIT_FAILURE, errno, "chroot to \"%s\" failed", dir);

	if (chdir ("/") < 0)
		error (EXIT_FAILURE, errno, "chdir to \"/\" failed");

	if (setgid (gid) < 0)
		error (EXIT_FAILURE, errno, "setgid");

	caps = cap_from_text ("cap_setuid,cap_net_raw=ep");
	if (!caps)
		error (EXIT_FAILURE, errno, "cap_from_text failed");

	if (cap_set_proc (caps) < 0)
		error (EXIT_FAILURE, errno, "cap_set_proc failed");

	cap_free (caps);

	if (setreuid (uid, uid) < 0)
		error (EXIT_FAILURE, errno, "setreuid");

	caps = cap_from_text ("cap_net_raw=ep");
	if (!caps)
		error (EXIT_FAILURE, errno, "cap_from_text failed");

	if (cap_set_proc (caps) < 0)
		error (EXIT_FAILURE, errno, "cap_set_proc failed");

	cap_free (caps);
}

Line 0 Link Here

(-)iputils-s20101006.orig/dropcap.h (+6 lines)
	1	#ifndef __DROPCAP_H__
	2	#define __DROPCAP_H__
	3
	4	extern void drop_cap (void);
	5
	6	#endif /* __DROPCAP_H__ */




#include <stdlib.h>
#include <error.h>
#include <errno.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>

#include "droppriv.h"

uid_t   uid = -1;

void
drop_priv (void)
{
	const char *dir = "/var/resolv";
	uid = getuid ();

	if (uid && geteuid())
		return;

	if (setgroups (0, NULL) < 0)
		error (EXIT_FAILURE, errno, "setgroups");

	if (uid)
	{
		if (chroot (dir) < 0)
			error (EXIT_FAILURE, errno, "chroot to \"%s\" failed",
			       dir);

		if (chdir ("/") < 0)
			error (EXIT_FAILURE, errno, "chdir to \"/\" failed");

		if (setgid (getgid ()) < 0)
			error (EXIT_FAILURE, errno, "setgid");

		if (setuid (uid) < 0)
			error (EXIT_FAILURE, errno, "setuid");
	} else
	{
		const char *user = "iputils";
		struct passwd *pw = getpwnam (user);

		if (!pw)
			error (EXIT_FAILURE, 0,
			       "lookup of user \"%s\" failed", user);
		endpwent ();

		if (!pw->pw_uid)
			error (EXIT_FAILURE, 0,
			       "user \"%s\" shouldn't be root", user);

		if (chroot (dir) < 0)
			error (EXIT_FAILURE, errno, "chroot to \"%s\" failed",
			       dir);

		if (chdir ("/") < 0)
			error (EXIT_FAILURE, errno, "chdir to \"/\" failed");

		if (setgid (pw->pw_gid) < 0)
			error (EXIT_FAILURE, errno, "setgid");

		if (setuid (pw->pw_uid) < 0)
			error (EXIT_FAILURE, errno, "setuid");
	}
}

Line 0 Link Here

(-)iputils-s20101006.orig/droppriv.h (+10 lines)
	1	#ifndef __DROPPRIV_H__
	2	#define __DROPPRIV_H__
	3
	4	#include <sys/types.h>
	5
	6	extern void drop_priv (void);
	7
	8	extern uid_t uid;
	9
	10	#endif /* __DROPPRIV_H__ */




#include <stdlib.h>
#include <error.h>
#include <errno.h>
#include <unistd.h>
#include <paths.h>
#include <fcntl.h>
#include <sys/stat.h>

#include "fixfds.h"

void
fix_fds (void)
{
	struct stat stb;

	if ((fstat (STDIN_FILENO, &stb) < 0)
	    && (open (_PATH_DEVNULL, O_RDONLY) != STDIN_FILENO))
		error (EXIT_FAILURE, errno, "open: %s", _PATH_DEVNULL);

	if ((fstat (STDOUT_FILENO, &stb) < 0)
	    && (open (_PATH_DEVNULL, O_WRONLY) != STDOUT_FILENO))
		error (EXIT_FAILURE, errno, "open: %s", _PATH_DEVNULL);

	if ((fstat (STDERR_FILENO, &stb) < 0)
	    && (open (_PATH_DEVNULL, O_WRONLY) != STDERR_FILENO))
		error (EXIT_FAILURE, errno, "open: %s", _PATH_DEVNULL);
}

Line 0 Link Here

(-)iputils-s20101006.orig/fixfds.h (+6 lines)
	1	#ifndef __FIXFDS_H__
	2	#define __FIXFDS_H__
	3
	4	extern void fix_fds (void);
	5
	6	#endif /* __FIXFDS_H__ */

Lines 26-35 Link Here

(-)iputils-s20101006.orig/Makefile (-3 / +8 lines)
26	all: $(TARGETS)	26	all: $(TARGETS)
27		27
28		28
		29	arping: arping.o -lsysfs fixfds.o droppriv.o
		30	clockdiff: clockdiff.o fixfds.o dropcap.o
		31	$(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -lcap -o $@
29	tftpd: tftpd.o tftpsubs.o	32	tftpd: tftpd.o tftpsubs.o
30	arping: arping.o -lsysfs	33	tracepath: tracepath.o fixfds.o droppriv.o
31	ping: ping.o ping_common.o	34	tracepath6: tracepath6.o fixfds.o droppriv.o
32	ping6: ping6.o ping_common.o -lresolv -lcrypto	35	traceroute6: traceroute6.o fixfds.o droppriv.o
		36	ping: ping.o ping_common.o fixfds.o droppriv.o
		37	ping6: ping6.o ping_common.o fixfds.o droppriv.o -lresolv -lcrypto
33	ping.o ping6.o ping_common.o: ping_common.h	38	ping.o ping6.o ping_common.o: ping_common.h
34	tftpd.o tftpsubs.o: tftp.h	39	tftpd.o tftpsubs.o: tftp.h
35		40

Lines 67-72 Link Here

(-)iputils-s20101006.orig/ping6.c (-5 / +5 lines)
67	* This program has to run SUID to ROOT to access the ICMP socket.	67	* This program has to run SUID to ROOT to access the ICMP socket.
68	*/	68	*/
69	#include "ping_common.h"	69	#include "ping_common.h"
		70	#include "fixfds.h"
		71	#include "droppriv.h"
70		72
71	#include <linux/filter.h>	73	#include <linux/filter.h>
72	#include <netinet/ip6.h>	74	#include <netinet/ip6.h>
Lines 529-542 Link Here
529	#endif	531	#endif
530	static uint32_t scope_id = 0;	532	static uint32_t scope_id = 0;
531		533
		534	fix_fds();
		535
532	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);	536	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
533	socket_errno = errno;	537	socket_errno = errno;
534		538
535	uid = getuid();	539	drop_priv();
536	if (setuid(uid)) {
537	perror("ping: setuid");
538	exit(-1);
539	}
540		540
541	source.sin6_family = AF_INET6;	541	source.sin6_family = AF_INET6;
542	memset(&firsthop, 0, sizeof(firsthop));	542	memset(&firsthop, 0, sizeof(firsthop));

Lines 59-64 Link Here

(-)iputils-s20101006.orig/ping.c (-5 / +5 lines)
59	*/	59	*/
60		60
61	#include "ping_common.h"	61	#include "ping_common.h"
		62	#include "fixfds.h"
		63	#include "droppriv.h"
62		64
63	#include <netinet/ip.h>	65	#include <netinet/ip.h>
64	#include <netinet/ip_icmp.h>	66	#include <netinet/ip_icmp.h>
Lines 123-136 Link Here
123	char *target, hnamebuf[MAX_HOSTNAMELEN];	125	char *target, hnamebuf[MAX_HOSTNAMELEN];
124	char rspace[3 + 4 * NROUTES + 1]; /* record route space */	126	char rspace[3 + 4 * NROUTES + 1]; /* record route space */
125		127
		128	fix_fds();
		129
126	icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);	130	icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
127	socket_errno = errno;	131	socket_errno = errno;
128		132
129	uid = getuid();	133	drop_priv();
130	if (setuid(uid)) {
131	perror("ping: setuid");
132	exit(-1);
133	}
134		134
135	source.sin_family = AF_INET;	135	source.sin_family = AF_INET;
136		136

Lines 1-6 Link Here

(-)iputils-s20101006.orig/ping_common.c (-1 / +1 lines)
1	#include "ping_common.h"	1	#include "ping_common.h"
2	#include <ctype.h>	2	#include <ctype.h>
3	#include <sched.h>	3	#include <sched.h>
		4	#include "droppriv.h"
4		5
5	int options;	6	int options;
6		7
Lines 55-61 Link Here
55	int datalen = DEFDATALEN;	56	int datalen = DEFDATALEN;
56		57
57	char *hostname;	58	char *hostname;
58	int uid;
59	int ident; /* process id to identify our packets */	59	int ident; /* process id to identify our packets */
60		60
61	static int screen_width = INT_MAX;	61	static int screen_width = INT_MAX;

Lines 77-83 Link Here

(-)iputils-s20101006.orig/ping_common.h (-1 lines)
77		77
78	extern int datalen;	78	extern int datalen;
79	extern char *hostname;	79	extern char *hostname;
80	extern int uid;
81	extern int ident; /* process id to identify our packets */	80	extern int ident; /* process id to identify our packets */
82		81
83	extern int sndbuf;	82	extern int sndbuf;

Lines 25-30 Link Here

(-)iputils-s20101006.orig/tracepath6.c (+5 lines)
25	#include <sys/time.h>	25	#include <sys/time.h>
26	#include <sys/uio.h>	26	#include <sys/uio.h>
27	#include <arpa/inet.h>	27	#include <arpa/inet.h>
		28	#include "fixfds.h"
		29	#include "droppriv.h"
28		30
29	#ifndef SOL_IPV6	31	#ifndef SOL_IPV6
30	#define SOL_IPV6 IPPROTO_IPV6	32	#define SOL_IPV6 IPPROTO_IPV6
Lines 375-380 Link Here
375	int gai;	377	int gai;
376	char pbuf[NI_MAXSERV];	378	char pbuf[NI_MAXSERV];
377		379
		380	fix_fds();
		381	drop_priv();
		382
378	while ((ch = getopt(argc, argv, "nbh?l:")) != EOF) {	383	while ((ch = getopt(argc, argv, "nbh?l:")) != EOF) {
379	switch(ch) {	384	switch(ch) {
380	case 'n':	385	case 'n':

Lines 23-28 Link Here

(-)iputils-s20101006.orig/tracepath.c (+5 lines)
23	#include <sys/time.h>	23	#include <sys/time.h>
24	#include <sys/uio.h>	24	#include <sys/uio.h>
25	#include <arpa/inet.h>	25	#include <arpa/inet.h>
		26	#include "fixfds.h"
		27	#include "droppriv.h"
26		28
27	#ifndef IP_PMTUDISC_PROBE	29	#ifndef IP_PMTUDISC_PROBE
28	#define IP_PMTUDISC_PROBE 3	30	#define IP_PMTUDISC_PROBE 3
Lines 299-304 Link Here
299	char *p;	301	char *p;
300	int ch;	302	int ch;
301		303
		304	fix_fds();
		305	drop_priv();
		306
302	while ((ch = getopt(argc, argv, "nbh?l:")) != EOF) {	307	while ((ch = getopt(argc, argv, "nbh?l:")) != EOF) {
303	switch(ch) {	308	switch(ch) {
304	case 'n':	309	case 'n':

Lines 260-265 Link Here

(-)iputils-s20101006.orig/traceroute6.c (-4 / +5 lines)
260	#include <unistd.h>	260	#include <unistd.h>
261		261
262	#include "SNAPSHOT.h"	262	#include "SNAPSHOT.h"
		263	#include "fixfds.h"
		264	#include "droppriv.h"
263		265
264	#ifndef SOL_IPV6	266	#ifndef SOL_IPV6
265	#define SOL_IPV6 IPPROTO_IPV6	267	#define SOL_IPV6 IPPROTO_IPV6
Lines 335-347 Link Here
335	int ch, i, on, probe, seq, tos, ttl;	337	int ch, i, on, probe, seq, tos, ttl;
336	int socket_errno;	338	int socket_errno;
337		339
		340	fix_fds();
		341
338	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);	342	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
339	socket_errno = errno;	343	socket_errno = errno;
340		344
341	if (setuid(getuid())) {	345	drop_priv();
342	perror("traceroute6: setuid");
343	exit(-1);
344	}
345		346
346	on = 1;	347	on = 1;
347	seq = tos = 0;	348	seq = tos = 0;

Return to bug 25282

Line 0 Link Here

(-)iputils-s20101006.orig/dropcap.c (+79 lines)
		1	#include <stdlib.h>
		2	#include <error.h>
		3	#include <errno.h>
		4	#include <unistd.h>
		5	#include <pwd.h>
		6	#include <grp.h>
		7	#include <linux/types.h>
		8	#include <sys/capability.h>
		9	#include <sys/prctl.h>
		10
		11	#include "dropcap.h"
		12
		13	extern void drop_cap (void);
		14
		15	void
		16	drop_cap (void)
		17	{
		18	const char *dir = "/var/resolv";
		19	cap_t caps;
		20	uid_t uid = getuid ();
		21	gid_t gid = getgid ();
		22
		23	if (uid && geteuid())
		24	return;
		25
		26	if (setgroups (0, NULL) < 0)
		27	error (EXIT_FAILURE, errno, "setgroups");
		28
		29	if (prctl (PR_SET_KEEPCAPS, 1))
		30	error (EXIT_FAILURE, errno, "prctl (PR_SET_KEEPCAPS, 1) failed");
		31
		32	if (!uid)
		33	{
		34	const char *user = "iputils";
		35	struct passwd *pw = getpwnam (user);
		36
		37	if (!pw)
		38	error (EXIT_FAILURE, 0,
		39	"lookup of user \"%s\" failed", user);
		40
		41	gid = pw->pw_gid;
		42	uid = pw->pw_uid;
		43	endpwent ();
		44
		45	if (!uid)
		46	error (EXIT_FAILURE, 0,
		47	"user \"%s\" shouldn't be root", user);
		48	}
		49
		50	if (chroot (dir) < 0)
		51	error (EXIT_FAILURE, errno, "chroot to \"%s\" failed", dir);
		52
		53	if (chdir ("/") < 0)
		54	error (EXIT_FAILURE, errno, "chdir to \"/\" failed");
		55
		56	if (setgid (gid) < 0)
		57	error (EXIT_FAILURE, errno, "setgid");
		58
		59	caps = cap_from_text ("cap_setuid,cap_net_raw=ep");
		60	if (!caps)
		61	error (EXIT_FAILURE, errno, "cap_from_text failed");
		62
		63	if (cap_set_proc (caps) < 0)
		64	error (EXIT_FAILURE, errno, "cap_set_proc failed");
65
66	cap_free (caps);
67
68	if (setreuid (uid, uid) < 0)
69	error (EXIT_FAILURE, errno, "setreuid");
70
71	caps = cap_from_text ("cap_net_raw=ep");
72	if (!caps)
73	error (EXIT_FAILURE, errno, "cap_from_text failed");
74
75	if (cap_set_proc (caps) < 0)
76	error (EXIT_FAILURE, errno, "cap_set_proc failed");
77
78	cap_free (caps);
79	}

Line 0 Link Here

(-)iputils-s20101006.orig/droppriv.c (+65 lines)
		1	#include <stdlib.h>
		2	#include <error.h>
		3	#include <errno.h>
		4	#include <unistd.h>
		5	#include <pwd.h>
		6	#include <grp.h>
		7
		8	#include "droppriv.h"
		9
		10	uid_t uid = -1;
		11
		12	void
		13	drop_priv (void)
		14	{
		15	const char *dir = "/var/resolv";
		16	uid = getuid ();
		17
		18	if (uid && geteuid())
		19	return;
		20
		21	if (setgroups (0, NULL) < 0)
		22	error (EXIT_FAILURE, errno, "setgroups");
		23
		24	if (uid)
		25	{
		26	if (chroot (dir) < 0)
		27	error (EXIT_FAILURE, errno, "chroot to \"%s\" failed",
		28	dir);
		29
		30	if (chdir ("/") < 0)
		31	error (EXIT_FAILURE, errno, "chdir to \"/\" failed");
		32
		33	if (setgid (getgid ()) < 0)
		34	error (EXIT_FAILURE, errno, "setgid");
		35
		36	if (setuid (uid) < 0)
		37	error (EXIT_FAILURE, errno, "setuid");
		38	} else
		39	{
		40	const char *user = "iputils";
		41	struct passwd *pw = getpwnam (user);
		42
		43	if (!pw)
		44	error (EXIT_FAILURE, 0,
		45	"lookup of user \"%s\" failed", user);
		46	endpwent ();
		47
		48	if (!pw->pw_uid)
		49	error (EXIT_FAILURE, 0,
		50	"user \"%s\" shouldn't be root", user);
		51
		52	if (chroot (dir) < 0)
		53	error (EXIT_FAILURE, errno, "chroot to \"%s\" failed",
		54	dir);
		55
		56	if (chdir ("/") < 0)
		57	error (EXIT_FAILURE, errno, "chdir to \"/\" failed");
		58
		59	if (setgid (pw->pw_gid) < 0)
		60	error (EXIT_FAILURE, errno, "setgid");
		61
		62	if (setuid (pw->pw_uid) < 0)
		63	error (EXIT_FAILURE, errno, "setuid");
		64	}
65	}

Line 0 Link Here

(-)iputils-s20101006.orig/fixfds.c (+27 lines)
	1	#include <stdlib.h>
	2	#include <error.h>
	3	#include <errno.h>
	4	#include <unistd.h>
	5	#include <paths.h>
	6	#include <fcntl.h>
	7	#include <sys/stat.h>
	8
	9	#include "fixfds.h"
	10
	11	void
	12	fix_fds (void)
	13	{
	14	struct stat stb;
	15
	16	if ((fstat (STDIN_FILENO, &stb) < 0)
	17	&& (open (_PATH_DEVNULL, O_RDONLY) != STDIN_FILENO))
	18	error (EXIT_FAILURE, errno, "open: %s", _PATH_DEVNULL);
	19
	20	if ((fstat (STDOUT_FILENO, &stb) < 0)
	21	&& (open (_PATH_DEVNULL, O_WRONLY) != STDOUT_FILENO))
	22	error (EXIT_FAILURE, errno, "open: %s", _PATH_DEVNULL);
	23
	24	if ((fstat (STDERR_FILENO, &stb) < 0)
	25	&& (open (_PATH_DEVNULL, O_WRONLY) != STDERR_FILENO))
	26	error (EXIT_FAILURE, errno, "open: %s", _PATH_DEVNULL);
	27	}