Florian Obser([email protected]) on 2016.09.26 20:00:34 +0000:
> It's not *that* expensive to have a dedicated user for this, so we
> don't need to think about if it's a problem to share with ping(8) or
> not. And we might be able to get rid of it again in the future.
>
> Pointed out by deraadt@
>
> OK?
yes, ok
> diff --git etc/group etc/group
> index 7c050ef..e823310 100644
> --- etc/group
> +++ etc/group
> @@ -21,6 +21,7 @@ _fingerd:*:33:
> _sshagnt:*:34:
> _x11:*:35:
> utmp:*:45:
> +_traceroute:*:50:
> _ping:*:51:
> _rebound:*:52:
> _unbound:*:53:
> diff --git etc/mail/aliases etc/mail/aliases
> index ea13fc4..759ee28 100644
> --- etc/mail/aliases
> +++ etc/mail/aliases
> @@ -65,6 +65,7 @@ _snmpd: /dev/null
> _spamd: /dev/null
> _syslogd: /dev/null
> _tcpdump: /dev/null
> +_traceroute: /dev/null
> _tftpd: /dev/null
> _unbound: /dev/null
> _vmd: /dev/null
> diff --git etc/master.passwd etc/master.passwd
> index 80be75a..82aa4e9 100644
> --- etc/master.passwd
> +++ etc/master.passwd
> @@ -9,6 +9,7 @@ _rstatd:*:30:30::0:0:rpc.rstatd:/var/empty:/sbin/nologin
> _rusersd:*:32:32::0:0:rpc.rusersd:/var/empty:/sbin/nologin
> _fingerd:*:33:33::0:0:fingerd:/var/empty:/sbin/nologin
> _x11:*:35:35::0:0:X Server:/var/empty:/sbin/nologin
> +_traceroute:*:50:50::0:0:traceroute privdrop user:/var/empty:/sbin/nologin
> _ping:*:51:51::0:0:ping privdrop user:/var/empty:/sbin/nologin
> _rebound:*:52:52::0:0:Rebound DNS Daemon:/var/empty:/sbin/nologin
> _unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin
> diff --git usr.sbin/traceroute/traceroute.c usr.sbin/traceroute/traceroute.c
> index 5c53f53..9331f04 100644
> --- usr.sbin/traceroute/traceroute.c
> +++ usr.sbin/traceroute/traceroute.c
> @@ -246,6 +246,7 @@
> #include <netinet/ip6.h>
> #include <netinet/ip_icmp.h>
> #include <netinet/udp.h>
> +#include <pwd.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> @@ -303,6 +304,8 @@ int last_tos;
>
> void usage(void);
>
> +#define TRACEROUTE_USER "_traceroute"
> +
> int
> main(int argc, char *argv[])
> {
> @@ -312,6 +315,7 @@ main(int argc, char *argv[])
> int rcvcmsglen, rcvsock4, rcvsock6, sndsock4, sndsock6;
> int v4sock_errno, v6sock_errno;
> struct addrinfo hints, *res;
> + struct passwd *pw;
> size_t size;
> static u_char *rcvcmsgbuf;
> struct sockaddr_in from4, to4;
> @@ -343,8 +347,12 @@ main(int argc, char *argv[])
>
> /* revoke privs */
> uid = getuid();
> - if (setresuid(uid, uid, uid) == -1)
> - err(1, "setresuid");
> + if ((pw = getpwnam(TRACEROUTE_USER)) == NULL)
> + errx(1, "no %s user", TRACEROUTE_USER);
> + if (setgroups(1, &pw->pw_gid) ||
> + setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
> + setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
> + err(1, "unable to revoke privs");
>
> if (strcmp("traceroute6", __progname) == 0) {
> v6flag = 1;
> @@ -662,13 +670,13 @@ main(int argc, char *argv[])
> if (inet_aton(source, &from4.sin_addr) == 0)
> errx(1, "unknown host %s", source);
> ip->ip_src = from4.sin_addr;
> - if (getuid() != 0 &&
> + if (uid != 0 &&
> (ntohl(from4.sin_addr.s_addr) & 0xff000000U) ==
> 0x7f000000U && (ntohl(to4.sin_addr.s_addr) &
> 0xff000000U) != 0x7f000000U)
> errx(1, "source is on 127/8, destination is"
> " not");
> - if (getuid() && bind(sndsock, (struct sockaddr *)&from4,
> + if (uid && bind(sndsock, (struct sockaddr *)&from4,
> sizeof(from4)) < 0)
> err(1, "bind");
> }
>
>
> --
> I'm not entirely sure you are real.
>
