Re: ping issue with rdomains

Tue, 19 Mar 2019 12:55:52 -0700 

Claudio Jeker([email protected]) on 2019.03.19 10:25:25 +0100:
> On Tue, Mar 19, 2019 at 09:28:01AM +0100, Sebastian Benoit wrote:
> > Ted Unangst([email protected]) on 2019.03.18 23:11:24 -0400:
> > > Claudio Jeker wrote:
> > > > Ping is a bit of a special case since it runs with user _ping when 
> > > > started
> > > > as root. So by the time the SO_RTABLE is issued it does not have the 
> > > > privs
> > > > to do it. The ping -V option only works when used in rdomain 0.
> > > 
> > > Maybe we can drop privs a little later if we started running as root?
> > > Just after getopt, which lets the setsockopt work, but before we do 
> > > anything
> > > dangerous.
> > 
> > We might as well get rid of the -V option?
> 
> This is my least preferred option.

hehe
  
> > And traceroute has the same problem. Whatever we do here should be done
> > there as well.
> 
> Indeed. It is the setuid priv-drop tools that have issues with this since
> there is no way to run the setsockopt with the original privs.
> 
> I'm fine with tedu@'s diff. IMO this is a fairly simple solution.

i'm ok with it too.

Here is one for both ping and traceroute. Ted, you commit it?

diff --git sbin/ping/ping.c sbin/ping/ping.c
index b3b7d6ba8d6..162cbfe4e6b 100644
--- sbin/ping/ping.c
+++ sbin/ping/ping.c
@@ -283,9 +283,9 @@ main(int argc, char *argv[])
                uid = getuid();
                gid = getgid();
        }
-       if (setgroups(1, &gid) ||
+       if (ouid && (setgroups(1, &gid) ||
            setresgid(gid, gid, gid) ||
-           setresuid(uid, uid, uid))
+           setresuid(uid, uid, uid)))
                err(1, "unable to revoke privs");
 
        preload = 0;
@@ -429,6 +429,11 @@ main(int argc, char *argv[])
                }
        }
 
+       if (ouid == 0 && (setgroups(1, &gid) ||
+           setresgid(gid, gid, gid) ||
+           setresuid(uid, uid, uid)))
+               err(1, "unable to revoke privs");
+
        argc -= optind;
        argv += optind;
 
diff --git usr.sbin/traceroute/traceroute.c usr.sbin/traceroute/traceroute.c
index 5ebb3df5573..81ee9ca3435 100644
--- usr.sbin/traceroute/traceroute.c
+++ usr.sbin/traceroute/traceroute.c
@@ -366,9 +366,9 @@ main(int argc, char *argv[])
                uid = getuid();
                gid = getgid();
        }
-       if (setgroups(1, &gid) ||
+       if (ouid && (setgroups(1, &gid) ||
            setresgid(gid, gid, gid) ||
-           setresuid(uid, uid, uid))
+           setresuid(uid, uid, uid)))
                err(1, "unable to revoke privs");
 
        if (strcmp("traceroute6", __progname) == 0) {
@@ -559,6 +559,12 @@ main(int argc, char *argv[])
                default:
                        usage(v6flag);
                }
+
+       if (ouid == 0 && (setgroups(1, &gid) ||
+           setresgid(gid, gid, gid) ||
+           setresuid(uid, uid, uid)))
+               err(1, "unable to revoke privs");
+
        argc -= optind;
        argv += optind;

Reply via email to