[src/netbsd-2-1]: src/sbin/ping Pull up following revision(s) (requested by g...

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/9c7272f42467
branches:  netbsd-2-1
changeset: 564270:9c7272f42467
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Sat Aug 11 14:25:43 2007 +0000

description:
Pull up following revision(s) (requested by ghen in ticket #11352):
        sbin/ping/ping.c: revision 1.83 - 1.85
PR/28741: Michael Santos: ping does [not] drop root privileges
Moved socket calls way up, and called seteuid(getuid()).
On 2nd thought, setuid() is better here.
Change error message to say "setuid", forgotten in previous commit.
Pointed out by Ray Lai, thanks!

diffstat:

 sbin/ping/ping.c |  16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

diffs (51 lines):

diff -r c9c1f7621aa9 -r 9c7272f42467 sbin/ping/ping.c
--- a/sbin/ping/ping.c  Mon Jun 04 19:26:59 2007 +0000
+++ b/sbin/ping/ping.c  Sat Aug 11 14:25:43 2007 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ping.c,v 1.75 2004/01/26 02:21:30 itojun Exp $ */
+/*     $NetBSD: ping.c,v 1.75.6.1 2007/08/11 14:25:43 bouyer Exp $     */
 
 /*
  * Copyright (c) 1989, 1993
@@ -58,7 +58,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: ping.c,v 1.75 2004/01/26 02:21:30 itojun Exp $");
+__RCSID("$NetBSD: ping.c,v 1.75.6.1 2007/08/11 14:25:43 bouyer Exp $");
 #endif
 
 #include <stdio.h>
@@ -262,6 +262,14 @@
 #endif
   
 
+       if ((s = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
+               err(1, "Cannot create socket");
+       if ((sloop = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
+               err(1, "Cannot create socket");
+
+       if (setuid(getuid()) == -1)
+               err(1, "setuid");
+
        setprogname(argv[0]);
 
 #ifndef IPSEC
@@ -461,8 +469,6 @@
 
        ident = htons(getpid()) & 0xFFFF;
 
-       if ((s = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
-               err(1, "Cannot create socket");
        if (options & SO_DEBUG) {
                if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
                               (char *)&on, sizeof(on)) == -1)
@@ -474,8 +480,6 @@
                        warn("SO_DONTROUTE");
        }
 
-       if ((sloop = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
-               err(1, "Cannot create socket");
        if (options & SO_DEBUG) {
                if (setsockopt(sloop, SOL_SOCKET, SO_DEBUG,
                               (char *)&on, sizeof(on)) == -1)