like ping(8)...
OK?
diff --git traceroute.c traceroute.c
index 5c53f53..b1fde9d 100644
--- traceroute.c
+++ traceroute.c
@@ -246,6 +246,7 @@
#include <netinet/ip6.h>
#include <netinet/ip_icmp.h>
#include <netinet/udp.h>
+#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -303,6 +304,8 @@ int last_tos;
void usage(void);
+#define TRACEROUTE_USER "_ping"
+
int
main(int argc, char *argv[])
{
@@ -312,6 +315,7 @@ main(int argc, char *argv[])
int rcvcmsglen, rcvsock4, rcvsock6, sndsock4, sndsock6;
int v4sock_errno, v6sock_errno;
struct addrinfo hints, *res;
+ struct passwd *pw;
size_t size;
static u_char *rcvcmsgbuf;
struct sockaddr_in from4, to4;
@@ -343,8 +347,12 @@ main(int argc, char *argv[])
/* revoke privs */
uid = getuid();
- if (setresuid(uid, uid, uid) == -1)
- err(1, "setresuid");
+ if ((pw = getpwnam(TRACEROUTE_USER)) == NULL)
+ errx(1, "no %s user", TRACEROUTE_USER);
+ if (setgroups(1, &pw->pw_gid) ||
+ setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
+ setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
+ err(1, "unable to revoke privs");
if (strcmp("traceroute6", __progname) == 0) {
v6flag = 1;
@@ -662,13 +670,13 @@ main(int argc, char *argv[])
if (inet_aton(source, &from4.sin_addr) == 0)
errx(1, "unknown host %s", source);
ip->ip_src = from4.sin_addr;
- if (getuid() != 0 &&
+ if (uid != 0 &&
(ntohl(from4.sin_addr.s_addr) & 0xff000000U) ==
0x7f000000U && (ntohl(to4.sin_addr.s_addr) &
0xff000000U) != 0x7f000000U)
errx(1, "source is on 127/8, destination is"
" not");
- if (getuid() && bind(sndsock, (struct sockaddr *)&from4,
+ if (uid && bind(sndsock, (struct sockaddr *)&from4,
sizeof(from4)) < 0)
err(1, "bind");
}
--
I'm not entirely sure you are real.
