[src/netbsd-2]: src/sbin/ping Pull up following revision(s) (requested by ghe...

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/6b77ed56cc7d
branches:  netbsd-2
changeset: 564606:6b77ed56cc7d
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Sat Aug 11 14:10:48 2007 +0000

description:
Pull up following revision(s) (requested by ghen in ticket #11352):
        sbin/ping/ping.c: revision 1.83 - 1.85
PR/28741: Michael Santos: ping does [not] drop root privileges
Moved socket calls way up, and called seteuid(getuid()).
On 2nd thought, setuid() is better here.
Change error message to say "setuid", forgotten in previous commit.
Pointed out by Ray Lai, thanks!

diffstat:

 sbin/ping/ping.c |  16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

diffs (51 lines):

diff -r 9a11ccc2271c -r 6b77ed56cc7d sbin/ping/ping.c
--- a/sbin/ping/ping.c  Sat Aug 11 14:08:43 2007 +0000
+++ b/sbin/ping/ping.c  Sat Aug 11 14:10:48 2007 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ping.c,v 1.75.4.1 2007/08/11 14:08:43 bouyer Exp $     */
+/*     $NetBSD: ping.c,v 1.75.4.2 2007/08/11 14:10:48 bouyer Exp $     */
 
 /*
  * Copyright (c) 1989, 1993
@@ -58,7 +58,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: ping.c,v 1.75.4.1 2007/08/11 14:08:43 bouyer Exp $");
+__RCSID("$NetBSD: ping.c,v 1.75.4.2 2007/08/11 14:10:48 bouyer Exp $");
 #endif
 
 #include <stdio.h>
@@ -264,6 +264,14 @@
 #endif
   
 
+       if ((s = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
+               err(1, "Cannot create socket");
+       if ((sloop = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
+               err(1, "Cannot create socket");
+
+       if (setuid(getuid()) == -1)
+               err(1, "setuid");
+
        setprogname(argv[0]);
 
 #ifndef IPSEC
@@ -463,8 +471,6 @@
 
        ident = htons(getpid()) & 0xFFFF;
 
-       if ((s = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
-               err(1, "Cannot create socket");
        if (options & SO_DEBUG) {
                if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
                               (char *)&on, sizeof(on)) == -1)
@@ -476,8 +482,6 @@
                        warn("SO_DONTROUTE");
        }
 
-       if ((sloop = cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
-               err(1, "Cannot create socket");
        if (options & SO_DEBUG) {
                if (setsockopt(sloop, SOL_SOCKET, SO_DEBUG,
                               (char *)&on, sizeof(on)) == -1)