diff options
author | Bill Fenner <fenner@FreeBSD.org> | 1996-08-09 06:00:53 +0000 |
---|---|---|
committer | Bill Fenner <fenner@FreeBSD.org> | 1996-08-09 06:00:53 +0000 |
commit | f1284d7a513ed450a1a2136cdd31d5c32b548891 (patch) | |
tree | 80efc4c03bc4735309d7ed128353200a207a1302 /sbin/ping | |
parent | a3ec9ca226e7d64f8cebd7ca6d87a259ac4bc56e (diff) | |
download | src-f1284d7a513ed450a1a2136cdd31d5c32b548891.tar.gz src-f1284d7a513ed450a1a2136cdd31d5c32b548891.zip |
Drop setuid ASAP, to minimize code executed as root.
Reviewed by: pst
Notes
Notes:
svn path=/head/; revision=17474
Diffstat (limited to 'sbin/ping')
-rw-r--r-- | sbin/ping/ping.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c index de19a4575d02..dfd1c2a35ff4 100644 --- a/sbin/ping/ping.c +++ b/sbin/ping/ping.c @@ -154,13 +154,26 @@ main(argc, argv) struct protoent *proto; struct termios ts; register int i; - int ch, fdmask, hold, packlen, preload; + int ch, fdmask, hold, packlen, preload, sockerrno; u_char *datap, *packet; char *target, hnamebuf[MAXHOSTNAMELEN], *malloc(); #ifdef IP_OPTIONS char rspace[3 + 4 * NROUTES + 1]; /* record route space */ #endif + /* + * Do the stuff that we need root priv's for *first*, and + * then drop our setuid bit. Save error reporting for + * after arg parsing. + */ + proto = getprotobyname("icmp"); + if (proto) { + s = socket(AF_INET, SOCK_RAW, proto->p_proto); + sockerrno = errno; + } + + setuid(getuid()); + preload = 0; if (tcgetattr (0, &ts) != -1) { reset_kerninfo = !(ts.c_lflag & NOKERNINFO); @@ -288,11 +301,12 @@ main(argc, argv) ident = getpid() & 0xFFFF; - if (!(proto = getprotobyname("icmp"))) { + if (!proto) { (void)fprintf(stderr, "ping: unknown protocol icmp.\n"); exit(1); } - if ((s = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0) { + if (s < 0) { + errno = sockerrno; perror("ping: socket"); exit(1); } |