Ted Unangst([email protected]) on 2019.03.18 23:11:24 -0400: > Claudio Jeker wrote: > > Ping is a bit of a special case since it runs with user _ping when started > > as root. So by the time the SO_RTABLE is issued it does not have the privs > > to do it. The ping -V option only works when used in rdomain 0. > > Maybe we can drop privs a little later if we started running as root? > Just after getopt, which lets the setsockopt work, but before we do anything > dangerous.
We might as well get rid of the -V option? And traceroute has the same problem. Whatever we do here should be done there as well. /B. > Index: ping.c > =================================================================== > RCS file: /home/cvs/src/sbin/ping/ping.c,v > retrieving revision 1.234 > diff -u -p -r1.234 ping.c > --- ping.c 13 Nov 2018 14:30:36 -0000 1.234 > +++ ping.c 19 Mar 2019 03:07:27 -0000 > @@ -283,9 +283,9 @@ main(int argc, char *argv[]) > uid = getuid(); > gid = getgid(); > } > - if (setgroups(1, &gid) || > + if (ouid && (setgroups(1, &gid) || > setresgid(gid, gid, gid) || > - setresuid(uid, uid, uid)) > + setresuid(uid, uid, uid))) > err(1, "unable to revoke privs"); > > preload = 0; > @@ -428,6 +428,11 @@ main(int argc, char *argv[]) > usage(); > } > } > + > + if (ouid == 0 && (setgroups(1, &gid) || > + setresgid(gid, gid, gid) || > + setresuid(uid, uid, uid))) > + err(1, "unable to revoke privs"); > > argc -= optind; > argv += optind; >
