On Tue, Sep 27, 2016 at 02:48:54PM +0200, Sebastien Marie wrote:
> I think we always want to drop effective uid once SOCK_RAW socket has
> been opened.

yes, I think this is better:

diff --git sbin/ping/ping.c sbin/ping/ping.c
index 383ef65..aa4c025 100644
--- sbin/ping/ping.c
+++ sbin/ping/ping.c
@@ -275,9 +275,11 @@ main(int argc, char *argv[])
 
        /* revoke privs */
        uid = getuid();
-       if ((pw = getpwnam(PING_USER)) == NULL)
-               errx(1, "no %s user", PING_USER);
-       if (setgroups(1, &pw->pw_gid) ||
+       if ((pw = getpwnam(PING_USER)) == NULL) {
+               warnx(1, "no %s user", PING_USER);
+               if (setresuid(uid, uid, uid) == -1)
+                       err(1, "setresuid");
+       } else if (setgroups(1, &pw->pw_gid) ||
            setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                err(1, "unable to revoke privs");
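Review bot: The added `warnx(1, "no %s user", PING_USER);` passes the integer 1 where warnx(3) expects its format string; only the err/errx variants take an exit status as the first argument. As written this should draw a pointer-conversion diagnostic at build time, and if it does build the formatter is handed a bogus pointer instead of the message. The line should read `warnx("no %s user", PING_USER);`. The same slip appears in the traceroute.c hunk as `warnx(1, "no %s user", TRACEROUTE_USER);`. main() begins and ends outside this hunk.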
diff --git usr.sbin/traceroute/traceroute.c usr.sbin/traceroute/traceroute.c
index ba04494..a32985a 100644
--- usr.sbin/traceroute/traceroute.c
+++ usr.sbin/traceroute/traceroute.c
@@ -347,9 +347,11 @@ main(int argc, char *argv[])
 
        /* revoke privs */
        uid = getuid();
-       if ((pw = getpwnam(TRACEROUTE_USER)) == NULL)
-               errx(1, "no %s user", TRACEROUTE_USER);
-       if (setgroups(1, &pw->pw_gid) ||
+       if ((pw = getpwnam(TRACEROUTE_USER)) == NULL) {
+               warnx(1, "no %s user", TRACEROUTE_USER);
+               if (setresuid(uid, uid, uid) == -1)
+                       err(1, "setresuid");
+       } else if (setgroups(1, &pw->pw_gid) ||
            setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                err(1, "unable to revoke privs");
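Review bot: The new fallback branch carries no comment explaining that it is a weaker privilege drop than the `_traceroute` path. `setresuid(uid, uid, uid)` only returns to the invoking user's uid, so a root caller keeps uid 0 for the rest of the run, and the group IDs are left untouched in that branch. A short comment above it would make the tradeoff visible to the next reader, for example `/* no dedicated user (e.g. chroot without the password database): fall back to the caller's uid; a root caller stays root */`. The matching branch in the ping.c hunk would benefit from the same comment; main() continues outside this hunk.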
diff --git usr.bin/bgplg/bgplg.8 usr.bin/bgplg/bgplg.8
index d2f0f0d..15e15b2 100644
--- usr.bin/bgplg/bgplg.8
+++ usr.bin/bgplg/bgplg.8
@@ -77,12 +77,19 @@ and
 .Xr traceroute6 8
 will require a copy of the resolver configuration file
 .Xr resolv.conf 5
+for optional host name lookups and the password database with the users
+.Qq _ping
+and
+.Qq _traceroute
 in the
 .Xr chroot 2
-environment for optional host name lookups.
+environment.
 .Bd -literal -offset indent
 # mkdir /var/www/etc
 # cp /etc/resolv.conf /var/www/etc
+# grep -e ^_ping -e ^_traceroute /etc/master.passwd > \\
+       /var/www/etc/master.passwd.bgplg
+# pwd_mkdb -d /var/www/etc master.passwd.bgplg
 .Ed
 .It
 Start the Border Gateway Protocol daemon with a second,

-- 
I'm not entirely sure you are real.
