Subject: Re: /sbin/ping - fails to drop into background?
To: None <tech-userlevel@NetBSD.org>
From: Geert Hendrickx <ghen@telenet.be>
List: tech-userlevel
Date: 08/03/2007 07:56:35 
--+SfteS7bOf3dGlBC
Content-Type: multipart/mixed; boundary="PHCdUe6m4AxPMzOu"
Content-Disposition: inline


--PHCdUe6m4AxPMzOu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Another ping(8) fix that could be a candidate for pullup: rev. 1.83-1.85
(PR/28741: ping does not drop root privs).  Applies cleanly as well, diff
attached.

	Geert

--PHCdUe6m4AxPMzOu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ping_setuid.diff"
Content-Transfer-Encoding: quoted-printable

--- src/sbin/ping/ping.c	2006/07/14 05:43:49	1.82
+++ src/sbin/ping/ping.c	2006/09/28 16:01:16	1.85
@@ -256,6 +256,14 @@ main(int argc, char *argv[])
 	struct sigaction sa;
 #endif
=20
+	if ((s =3D cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
+		err(1, "Cannot create socket");
+	if ((sloop =3D cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
+		err(1, "Cannot create socket");
+
+	if (setuid(getuid()) =3D=3D -1)
+		err(1, "setuid");
+
 	setprogname(argv[0]);
=20
 #ifndef IPSEC
@@ -455,8 +463,6 @@ main(int argc, char *argv[])
=20
 	ident =3D arc4random() & 0xFFFF;
=20
-	if ((s =3D cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
-		err(1, "Cannot create socket");
 	if (options & SO_DEBUG) {
 		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
 			       (char *)&on, sizeof(on)) =3D=3D -1)
@@ -468,8 +474,6 @@ main(int argc, char *argv[])
 			warn("SO_DONTROUTE");
 	}
=20
-	if ((sloop =3D cap_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
-		err(1, "Cannot create socket");
 	if (options & SO_DEBUG) {
 		if (setsockopt(sloop, SOL_SOCKET, SO_DEBUG,
 			       (char *)&on, sizeof(on)) =3D=3D -1)


--PHCdUe6m4AxPMzOu--

--+SfteS7bOf3dGlBC
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (NetBSD)

iQEVAwUBRrLDk4LS9urEu56fAQptFgf/drxVa6lB13mQnrY5Mi2QO4opAjNUBFzp
ZA9jE9frXV12yruoXF0EjycOV2hbkP/BldEg4LUaGzKDxqIbDzSHRWuA5B2udTYC
PcuBV5qwGgm6Km36mNZAKlbKYhnwAFQp9cUNklsxkV4LM/TSHQ/PA9ZstVEBPA1t
/LaZPRyjw5X8CQgwd5fM9IVZU5ofdrg5ishW+AL0ceMVgBgg8CDCkfRKP45Wt//B
yRNRan5kgQy16+SjWBQaUz9VuU1uo6l1+FM5bTGXksrkjF1vcGjVnpmckV/aK/HO
A0ItTMmBxwktUz7pW3otrOcZihpSSv9WsWVjtWWsEBB2sDcWxML0mQ==
=0Qvn
-----END PGP SIGNATURE-----

--+SfteS7bOf3dGlBC--