Accepting request 52383 from home:lnussel:fscaps

reviewed Ok and forwarded to Factory

OBS-URL: https://build.opensuse.org/request/show/52383
OBS-URL: https://build.opensuse.org/package/show/network:utilities/iputils?expand=0&rev=17

iputils-s20101006-capabilities.diff

@@ -1,17 +1,18 @@
-From 5701111b91ed61d329deb13768776b84565f785a Mon Sep 17 00:00:00 2001
+From 584838c9d4a496c4329e4c9a3d35520db00abb99 Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel <ludwig.nussel@suse.de>
 Date: Wed, 3 Nov 2010 17:43:42 +0100
-Subject: [PATCH] drop capabilities
+Subject: [PATCH iputils] drop capabilities
 
 dropping capabilities makes sure that ping also gets rid of privileges
 gained via fscaps. Capabilities are also dropped when called as root so
 the running ping process has no special privileges anymore at all even
-in that case.
+in that case. Capabilities need to be dropped after setuid() otherwise a
+setuid ping would not have the privileges to drop root privileges anymore!
 ---
  Makefile |    6 ++++++
- ping.c   |   15 +++++++++++++++
- ping6.c  |   15 +++++++++++++++
- 3 files changed, 36 insertions(+), 0 deletions(-)
+ ping.c   |   16 ++++++++++++++++
+ ping6.c  |   16 ++++++++++++++++
+ 3 files changed, 38 insertions(+), 0 deletions(-)
 
 diff --git a/Makefile b/Makefile
 index d9a5ca5..6629ebf 100644
@@ -31,7 +32,7 @@ index d9a5ca5..6629ebf 100644
  #options if you compile with libc5, and without a bind>=4.9.4 libresolv
  # NOT AVAILABLE. Please, use libresolv.
 diff --git a/ping.c b/ping.c
-index eacb29d..afebeb7 100644
+index eacb29d..fa91163 100644
 --- a/ping.c
 +++ b/ping.c
 @@ -62,6 +62,9 @@ char copyright[] =
@@ -44,7 +45,7 @@ index eacb29d..afebeb7 100644
  
  #ifndef ICMP_FILTER
  #define ICMP_FILTER	1
-@@ -122,10 +125,22 @@ main(int argc, char **argv)
+@@ -122,6 +125,9 @@ main(int argc, char **argv)
  	u_char *packet;
  	char *target, hnamebuf[MAX_HOSTNAMELEN];
  	char rspace[3 + 4 * NROUTES + 1];	/* record route space */
@@ -54,6 +55,9 @@ index eacb29d..afebeb7 100644
  
  	icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
  	socket_errno = errno;
+@@ -132,6 +138,16 @@ main(int argc, char **argv)
+ 		exit(-1);
+ 	}
  
 +#ifdef HAVE_CAPABILITIES
 +	/* drop all capabilities unconditionally so even root isn't special anymore */
@@ -62,13 +66,14 @@ index eacb29d..afebeb7 100644
 +		perror("ping: cap_set_proc");
 +		exit(-1);
 +	}
++	cap_free(caps);
 +#endif
 +
- 	uid = getuid();
- 	if (setuid(uid)) {
- 		perror("ping: setuid");
+ 	source.sin_family = AF_INET;
+ 
+ 	preload = 1;
 diff --git a/ping6.c b/ping6.c
-index c5ff881..3c6a75a 100644
+index c5ff881..bfc0769 100644
 --- a/ping6.c
 +++ b/ping6.c
 @@ -72,6 +72,9 @@ char copyright[] =
@@ -81,7 +86,7 @@ index c5ff881..3c6a75a 100644
  
  #include "ping6_niquery.h"
  
-@@ -528,10 +531,22 @@ int main(int argc, char *argv[])
+@@ -528,6 +531,9 @@ int main(int argc, char *argv[])
  	int csum_offset, sz_opt;
  #endif
  	static uint32_t scope_id = 0;
@@ -91,6 +96,9 @@ index c5ff881..3c6a75a 100644
  
  	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
  	socket_errno = errno;
+@@ -538,6 +544,16 @@ int main(int argc, char *argv[])
+ 		exit(-1);
+ 	}
  
 +#ifdef HAVE_CAPABILITIES
 +	/* drop all capabilities unconditionally so even root isn't special anymore */
@@ -99,11 +107,12 @@ index c5ff881..3c6a75a 100644
 +		perror("ping: cap_set_proc");
 +		exit(-1);
 +	}
++	cap_free(caps);
 +#endif
 +
- 	uid = getuid();
- 	if (setuid(uid)) {
- 		perror("ping: setuid");
+ 	source.sin6_family = AF_INET6;
+ 	memset(&firsthop, 0, sizeof(firsthop));
+ 	firsthop.sin6_family = AF_INET6;
 -- 
 1.7.1
 

iputils.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Nov  8 10:32:37 UTC 2010 - lnussel@suse.de
+
+- fix capabilities patch: first switch uid then drop caps.
+
 -------------------------------------------------------------------
 Wed Nov  3 14:31:09 UTC 2010 - lnussel@suse.de