2010-11-08 22:32:54 +01:00
|
|
|
From 584838c9d4a496c4329e4c9a3d35520db00abb99 Mon Sep 17 00:00:00 2001
|
2010-11-04 16:51:08 +01:00
|
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
|
|
Date: Wed, 3 Nov 2010 17:43:42 +0100
|
2010-11-08 22:32:54 +01:00
|
|
|
Subject: [PATCH iputils] drop capabilities
|
2010-11-04 16:51:08 +01:00
|
|
|
|
|
|
|
dropping capabilities makes sure that ping also gets rid of privileges
|
|
|
|
gained via fscaps. Capabilities are also dropped when called as root so
|
|
|
|
the running ping process has no special privileges anymore at all even
|
2010-11-08 22:32:54 +01:00
|
|
|
in that case. Capabilities need to be dropped after setuid() otherwise a
|
|
|
|
setuid ping would not have the privileges to drop root privileges anymore!
|
2010-11-04 16:51:08 +01:00
|
|
|
---
|
|
|
|
Makefile | 6 ++++++
|
2010-11-08 22:32:54 +01:00
|
|
|
ping.c | 16 ++++++++++++++++
|
|
|
|
ping6.c | 16 ++++++++++++++++
|
|
|
|
3 files changed, 38 insertions(+), 0 deletions(-)
|
2010-11-04 16:51:08 +01:00
|
|
|
|
|
|
|
diff --git a/Makefile b/Makefile
|
|
|
|
index d9a5ca5..6629ebf 100644
|
|
|
|
--- a/Makefile
|
|
|
|
+++ b/Makefile
|
|
|
|
@@ -6,6 +6,12 @@ DEFINES=
|
|
|
|
#options if you have a bind>=4.9.4 libresolv (or, maybe, glibc)
|
|
|
|
LDLIBS=
|
|
|
|
ADDLIB=
|
|
|
|
+CAPABILITIES=
|
|
|
|
+
|
|
|
|
+ifeq ($(CAPABILITIES),1)
|
|
|
|
+DEFINES += -DHAVE_CAPABILITIES
|
|
|
|
+LDLIBS += -lcap
|
|
|
|
+endif
|
|
|
|
|
|
|
|
#options if you compile with libc5, and without a bind>=4.9.4 libresolv
|
|
|
|
# NOT AVAILABLE. Please, use libresolv.
|
|
|
|
diff --git a/ping.c b/ping.c
|
2010-11-08 22:32:54 +01:00
|
|
|
index eacb29d..fa91163 100644
|
2010-11-04 16:51:08 +01:00
|
|
|
--- a/ping.c
|
|
|
|
+++ b/ping.c
|
|
|
|
@@ -62,6 +62,9 @@ char copyright[] =
|
|
|
|
|
|
|
|
#include <netinet/ip.h>
|
|
|
|
#include <netinet/ip_icmp.h>
|
|
|
|
+#ifdef HAVE_CAPABILITIES
|
|
|
|
+#include <sys/capability.h>
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
#ifndef ICMP_FILTER
|
|
|
|
#define ICMP_FILTER 1
|
2010-11-08 22:32:54 +01:00
|
|
|
@@ -122,6 +125,9 @@ main(int argc, char **argv)
|
2010-11-04 16:51:08 +01:00
|
|
|
u_char *packet;
|
|
|
|
char *target, hnamebuf[MAX_HOSTNAMELEN];
|
|
|
|
char rspace[3 + 4 * NROUTES + 1]; /* record route space */
|
|
|
|
+#ifdef HAVE_CAPABILITIES
|
|
|
|
+ cap_t caps;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
|
|
|
|
socket_errno = errno;
|
2010-11-08 22:32:54 +01:00
|
|
|
@@ -132,6 +138,16 @@ main(int argc, char **argv)
|
|
|
|
exit(-1);
|
|
|
|
}
|
2010-11-04 16:51:08 +01:00
|
|
|
|
|
|
|
+#ifdef HAVE_CAPABILITIES
|
|
|
|
+ /* drop all capabilities unconditionally so even root isn't special anymore */
|
|
|
|
+ caps = cap_init();
|
|
|
|
+ if (cap_set_proc(caps) < 0) {
|
|
|
|
+ perror("ping: cap_set_proc");
|
|
|
|
+ exit(-1);
|
|
|
|
+ }
|
2010-11-08 22:32:54 +01:00
|
|
|
+ cap_free(caps);
|
2010-11-04 16:51:08 +01:00
|
|
|
+#endif
|
|
|
|
+
|
2010-11-08 22:32:54 +01:00
|
|
|
source.sin_family = AF_INET;
|
|
|
|
|
|
|
|
preload = 1;
|
2010-11-04 16:51:08 +01:00
|
|
|
diff --git a/ping6.c b/ping6.c
|
2010-11-08 22:32:54 +01:00
|
|
|
index c5ff881..bfc0769 100644
|
2010-11-04 16:51:08 +01:00
|
|
|
--- a/ping6.c
|
|
|
|
+++ b/ping6.c
|
|
|
|
@@ -72,6 +72,9 @@ char copyright[] =
|
|
|
|
#include <netinet/ip6.h>
|
|
|
|
#include <netinet/icmp6.h>
|
|
|
|
#include <resolv.h>
|
|
|
|
+#ifdef HAVE_CAPABILITIES
|
|
|
|
+#include <sys/capability.h>
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
#include "ping6_niquery.h"
|
|
|
|
|
2010-11-08 22:32:54 +01:00
|
|
|
@@ -528,6 +531,9 @@ int main(int argc, char *argv[])
|
2010-11-04 16:51:08 +01:00
|
|
|
int csum_offset, sz_opt;
|
|
|
|
#endif
|
|
|
|
static uint32_t scope_id = 0;
|
|
|
|
+#ifdef HAVE_CAPABILITIES
|
|
|
|
+ cap_t caps;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
|
|
|
|
socket_errno = errno;
|
2010-11-08 22:32:54 +01:00
|
|
|
@@ -538,6 +544,16 @@ int main(int argc, char *argv[])
|
|
|
|
exit(-1);
|
|
|
|
}
|
2010-11-04 16:51:08 +01:00
|
|
|
|
|
|
|
+#ifdef HAVE_CAPABILITIES
|
|
|
|
+ /* drop all capabilities unconditionally so even root isn't special anymore */
|
|
|
|
+ caps = cap_init();
|
|
|
|
+ if (cap_set_proc(caps) < 0) {
|
|
|
|
+ perror("ping: cap_set_proc");
|
|
|
|
+ exit(-1);
|
|
|
|
+ }
|
2010-11-08 22:32:54 +01:00
|
|
|
+ cap_free(caps);
|
2010-11-04 16:51:08 +01:00
|
|
|
+#endif
|
|
|
|
+
|
2010-11-08 22:32:54 +01:00
|
|
|
source.sin6_family = AF_INET6;
|
|
|
|
memset(&firsthop, 0, sizeof(firsthop));
|
|
|
|
firsthop.sin6_family = AF_INET6;
|
2010-11-04 16:51:08 +01:00
|
|
|
--
|
|
|
|
1.7.1
|
|
|
|
|