iputils/iputils-s20101006-capabilities.diff

From 5701111b91ed61d329deb13768776b84565f785a Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 3 Nov 2010 17:43:42 +0100
Subject: [PATCH] drop capabilities

dropping capabilities makes sure that ping also gets rid of privileges
gained via fscaps. Capabilities are also dropped when called as root so
the running ping process has no special privileges anymore at all even
in that case.
---
 Makefile |    6 ++++++
 ping.c   |   15 +++++++++++++++
 ping6.c  |   15 +++++++++++++++
 3 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/Makefile b/Makefile
index d9a5ca5..6629ebf 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,12 @@ DEFINES=
 #options if you have a bind>=4.9.4 libresolv (or, maybe, glibc)
 LDLIBS=
 ADDLIB=
+CAPABILITIES=
+
+ifeq ($(CAPABILITIES),1)
+DEFINES += -DHAVE_CAPABILITIES
+LDLIBS += -lcap
+endif
 
 #options if you compile with libc5, and without a bind>=4.9.4 libresolv
 # NOT AVAILABLE. Please, use libresolv.
diff --git a/ping.c b/ping.c
index eacb29d..afebeb7 100644
--- a/ping.c
+++ b/ping.c
@@ -62,6 +62,9 @@ char copyright[] =
 
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
+#ifdef HAVE_CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 #ifndef ICMP_FILTER
 #define ICMP_FILTER	1
@@ -122,10 +125,22 @@ main(int argc, char **argv)
 	u_char *packet;
 	char *target, hnamebuf[MAX_HOSTNAMELEN];
 	char rspace[3 + 4 * NROUTES + 1];	/* record route space */
+#ifdef HAVE_CAPABILITIES
+	cap_t caps;
+#endif
 
 	icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
 	socket_errno = errno;
 
+#ifdef HAVE_CAPABILITIES
+	/* drop all capabilities unconditionally so even root isn't special anymore */
+	caps = cap_init();
+	if (cap_set_proc(caps) < 0) {
+		perror("ping: cap_set_proc");
+		exit(-1);
+	}
+#endif
+
 	uid = getuid();
 	if (setuid(uid)) {
 		perror("ping: setuid");
diff --git a/ping6.c b/ping6.c
index c5ff881..3c6a75a 100644
--- a/ping6.c
+++ b/ping6.c
@@ -72,6 +72,9 @@ char copyright[] =
 #include <netinet/ip6.h>
 #include <netinet/icmp6.h>
 #include <resolv.h>
+#ifdef HAVE_CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 #include "ping6_niquery.h"
 
@@ -528,10 +531,22 @@ int main(int argc, char *argv[])
 	int csum_offset, sz_opt;
 #endif
 	static uint32_t scope_id = 0;
+#ifdef HAVE_CAPABILITIES
+	cap_t caps;
+#endif
 
 	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
 	socket_errno = errno;
 
+#ifdef HAVE_CAPABILITIES
+	/* drop all capabilities unconditionally so even root isn't special anymore */
+	caps = cap_init();
+	if (cap_set_proc(caps) < 0) {
+		perror("ping: cap_set_proc");
+		exit(-1);
+	}
+#endif
+
 	uid = getuid();
 	if (setuid(uid)) {
 		perror("ping: setuid");
-- 
1.7.1
Accepting request 52163 from home:lnussel:fscaps Reviewed ok - Thanks - will this go to other repos for maintenance/security ? OBS-URL: https://build.opensuse.org/request/show/52163 OBS-URL: https://build.opensuse.org/package/show/network:utilities/iputils?expand=0&rev=16 2010-11-04 16:51:08 +01:00			`From 5701111b91ed61d329deb13768776b84565f785a Mon Sep 17 00:00:00 2001`
			`From: Ludwig Nussel <ludwig.nussel@suse.de>`
			`Date: Wed, 3 Nov 2010 17:43:42 +0100`
			`Subject: [PATCH] drop capabilities`

			`dropping capabilities makes sure that ping also gets rid of privileges`
			`gained via fscaps. Capabilities are also dropped when called as root so`
			`the running ping process has no special privileges anymore at all even`
			`in that case.`
			`---`
			`Makefile \| 6 ++++++`
			`ping.c \| 15 +++++++++++++++`
			`ping6.c \| 15 +++++++++++++++`
			`3 files changed, 36 insertions(+), 0 deletions(-)`

			`diff --git a/Makefile b/Makefile`
			`index d9a5ca5..6629ebf 100644`
			`--- a/Makefile`
			`+++ b/Makefile`
			`@@ -6,6 +6,12 @@ DEFINES=`
			`#options if you have a bind>=4.9.4 libresolv (or, maybe, glibc)`
			`LDLIBS=`
			`ADDLIB=`
			`+CAPABILITIES=`
			`+`
			`+ifeq ($(CAPABILITIES),1)`
			`+DEFINES += -DHAVE_CAPABILITIES`
			`+LDLIBS += -lcap`
			`+endif`

			`#options if you compile with libc5, and without a bind>=4.9.4 libresolv`
			`# NOT AVAILABLE. Please, use libresolv.`
			`diff --git a/ping.c b/ping.c`
			`index eacb29d..afebeb7 100644`
			`--- a/ping.c`
			`+++ b/ping.c`
			`@@ -62,6 +62,9 @@ char copyright[] =`

			`#include <netinet/ip.h>`
			`#include <netinet/ip_icmp.h>`
			`+#ifdef HAVE_CAPABILITIES`
			`+#include <sys/capability.h>`
			`+#endif`

			`#ifndef ICMP_FILTER`
			`#define ICMP_FILTER 1`
			`@@ -122,10 +125,22 @@ main(int argc, char **argv)`
			`u_char *packet;`
			`char *target, hnamebuf[MAX_HOSTNAMELEN];`
			`char rspace[3 + 4 * NROUTES + 1]; /* record route space */`
			`+#ifdef HAVE_CAPABILITIES`
			`+ cap_t caps;`
			`+#endif`

			`icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);`
			`socket_errno = errno;`

			`+#ifdef HAVE_CAPABILITIES`
			`+ /* drop all capabilities unconditionally so even root isn't special anymore */`
			`+ caps = cap_init();`
			`+ if (cap_set_proc(caps) < 0) {`
			`+ perror("ping: cap_set_proc");`
			`+ exit(-1);`
			`+ }`
			`+#endif`
			`+`
			`uid = getuid();`
			`if (setuid(uid)) {`
			`perror("ping: setuid");`
			`diff --git a/ping6.c b/ping6.c`
			`index c5ff881..3c6a75a 100644`
			`--- a/ping6.c`
			`+++ b/ping6.c`
			`@@ -72,6 +72,9 @@ char copyright[] =`
			`#include <netinet/ip6.h>`
			`#include <netinet/icmp6.h>`
			`#include <resolv.h>`
			`+#ifdef HAVE_CAPABILITIES`
			`+#include <sys/capability.h>`
			`+#endif`

			`#include "ping6_niquery.h"`

			`@@ -528,10 +531,22 @@ int main(int argc, char *argv[])`
			`int csum_offset, sz_opt;`
			`#endif`
			`static uint32_t scope_id = 0;`
			`+#ifdef HAVE_CAPABILITIES`
			`+ cap_t caps;`
			`+#endif`

			`icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);`
			`socket_errno = errno;`

			`+#ifdef HAVE_CAPABILITIES`
			`+ /* drop all capabilities unconditionally so even root isn't special anymore */`
			`+ caps = cap_init();`
			`+ if (cap_set_proc(caps) < 0) {`
			`+ perror("ping: cap_set_proc");`
			`+ exit(-1);`
			`+ }`
			`+#endif`
			`+`
			`uid = getuid();`
			`if (setuid(uid)) {`
			`perror("ping: setuid");`
			`--`
			`1.7.1`