On 11/07/13 15:41, Peter J. Philipp wrote:
> Just for extra paranoia's sake?  Against 5.4 sources.
> 
> -peter
> 
> diff -u -p -u -r1.82 traceroute.c
> --- traceroute.c        10 Feb 2012 23:05:54 -0000      1.82
> +++ traceroute.c        7 Nov 2013 14:36:44 -0000
> @@ -310,6 +310,7 @@ main(int argc, char *argv[])
>         const char *errstr;
>         long l;
>         uid_t uid;
> +       gid_t gid;
>         u_int rtableid;
> 
>         if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
> @@ -319,6 +320,14 @@ main(int argc, char *argv[])
> 
>         /* revoke privs */
>         uid = getuid();
> +       gid = getgid();
> +
> +       if (setgroups(1, &gid) == -1)
> +               err(1, "setgroups");
> +
> +       if (setresgid(gid, gid, gid) == -1)
> +               err(1, "setresgid");
> +
>         if (setresuid(uid, uid, uid) == -1)
>                 err(1, "setresuid");
> 
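Review bot: The order of the three added calls is load-bearing, and the `/* revoke privs */` comment above them does not say so. setgroups() needs superuser privilege, and setresgid() to an arbitrary gid does too, so both must run before setresuid() gives that privilege up (presumably the binary is setuid root, since the raw socket is opened just before). I would extend the comment to something like `/* revoke privs: supplementary groups and gid first, uid last; group changes need the privilege that setresuid() drops */` so a later cleanup does not reorder them. Treating each failure as fatal via err() is the right behaviour for a privilege drop. The same hunk is repeated unchanged in the resent patch below, and main() begins and ends outside it.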


I thought about it and thought my patch didn't really do anything.  So
then I added another piece that doesn't really do anything but saves CPU
cycles.  I tested this with tcpdump and it seems to update the TOS
accordingly.

-peter

===================================================================
RCS file: /cvs/src/usr.sbin/traceroute/traceroute.c,v
retrieving revision 1.82
diff -u -p -u -r1.82 traceroute.c
--- traceroute.c        10 Feb 2012 23:05:54 -0000      1.82
+++ traceroute.c        7 Nov 2013 16:13:54 -0000
@@ -310,6 +310,7 @@ main(int argc, char *argv[])
        const char *errstr;
        long l;
        uid_t uid;
+       gid_t gid;
        u_int rtableid;

        if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
@@ -319,6 +320,14 @@ main(int argc, char *argv[])

        /* revoke privs */
        uid = getuid();
+       gid = getgid();
+
+       if (setgroups(1, &gid) == -1)
+               err(1, "setgroups");
+
+       if (setresgid(gid, gid, gid) == -1)
+               err(1, "setresgid");
+
        if (setresuid(uid, uid, uid) == -1)
                err(1, "setresuid");

@@ -1224,6 +1233,7 @@ int
 map_tos(char *s, int *val)
 {
        /* DiffServ Codepoints and other TOS mappings */
+       /* KEEP SORTED */
        const struct toskeywords {
                const char      *keyword;
                int              val;
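Review bot: `KEEP SORTED` names neither the sort key nor the reason, yet the next hunk starts searching this table with bsearch(), where an out-of-order entry silently stops matching instead of raising an error. I would spell it out, e.g. `/* KEEP SORTED by keyword in strcmp() order: map_tos() looks entries up with bsearch() */`. The table body lies outside the hunk, so whether the existing entries are already in that order cannot be checked from here.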
@@ -1258,14 +1268,13 @@ map_tos(char *s, int *val)
                { NULL,                 -1 },
        };

-       for (t = toskeywords; t->keyword != NULL; t++) {
-               if (strcmp(s, t->keyword) == 0) {
-                       *val = t->val;
-                       return (1);
-               }
-       }
+       t = bsearch(s, toskeywords, nitems(toskeywords), sizeof(struct
toskeywords), (int (*)(const void *, const void *))strcmp);
+       if (t == NULL)
+               return (0);

-       return (0);
+       *val = t->val;
+
+       return (1);
 }

 void
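Review bot: The bsearch() call passes strcmp itself as the comparator, but bsearch() hands the comparator a pointer to a table element (a struct toskeywords), not to its keyword string. strcmp therefore reads the bytes of the struct as if they were a string, so the lookup cannot match on the keyword text and the read has no bound other than the first zero byte. Calling strcmp through the cast function-pointer type is also undefined behaviour. Separately, nitems(toskeywords) counts the `{ NULL, -1 }` terminator, whose NULL keyword a correct comparator would dereference. The fix is a small comparator that dereferences the element's keyword (valid because keyword is the first member), with the terminator excluded from the element count; map_tos() begins outside this hunk.

```c
/* bsearch() comparator: key is the option string, elem points at a table
 * entry whose first member is the keyword pointer */
static int
tos_cmp(const void *key, const void *elem)
{
	const char *const *kw = elem;

	return (strcmp(key, *kw));
}

/* … unchanged: map_tos() header and toskeywords[] table … */

	/* leave the { NULL, -1 } terminator out of the search range */
	t = bsearch(s, toskeywords, nitems(toskeywords) - 1,
	    sizeof(toskeywords[0]), tos_cmp);
	/* … unchanged: NULL check, *val assignment, return (1) … */
```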
