Claudio Jeker wrote:
> Ping is a bit of a special case since it runs with user _ping when started
> as root. So by the time the SO_RTABLE is issued it does not have the privs
> to do it. The ping -V option only works when used in rdomain 0.
Maybe we can drop privs a little later if we started running as root?
Just after getopt, which lets the setsockopt work, but before we do anything
dangerous.
Index: ping.c
===================================================================
RCS file: /home/cvs/src/sbin/ping/ping.c,v
retrieving revision 1.234
diff -u -p -r1.234 ping.c
--- ping.c 13 Nov 2018 14:30:36 -0000 1.234
+++ ping.c 19 Mar 2019 03:07:27 -0000
@@ -283,9 +283,9 @@ main(int argc, char *argv[])
uid = getuid();
gid = getgid();
}
- if (setgroups(1, &gid) ||
+ if (ouid && (setgroups(1, &gid) ||
setresgid(gid, gid, gid) ||
- setresuid(uid, uid, uid))
+ setresuid(uid, uid, uid)))
err(1, "unable to revoke privs");
preload = 0;
@@ -428,6 +428,11 @@ main(int argc, char *argv[])
usage();
}
}
+
+ if (ouid == 0 && (setgroups(1, &gid) ||
+ setresgid(gid, gid, gid) ||
+ setresuid(uid, uid, uid)))
+ err(1, "unable to revoke privs");
argc -= optind;
argv += optind;
