diff options
| author | Alan Somers <asomers@FreeBSD.org> | 2019-08-11 15:22:53 +0000 |
|---|---|---|
| committer | Alan Somers <asomers@FreeBSD.org> | 2019-08-11 15:22:53 +0000 |
| commit | 0ef7ac044a88525aac247ae199862966a5953d27 (patch) | |
| tree | bfe554acf87a9442d840fedef85e84850862af59 /sbin | |
| parent | 51f61fc0c7ece7a30c737341e65455841bc3f04e (diff) | |
| download | src-0ef7ac044a88525aac247ae199862966a5953d27.tar.gz src-0ef7ac044a88525aac247ae199862966a5953d27.zip | |
ping6: Revoke root privilege earlier
It can be done just after the sockets have been created.
Submitted by: Ján Sučan <sucanjan@gmail.com>
MFC after: 2 weeks
Sponsored by: Google, inc. (Google Summer of Code 2019)
Differential Revision: https://reviews.freebsd.org/D21213
Notes
Notes:
svn path=/head/; revision=350857
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ping6/ping6.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c index 8ccb541a8c4a..aa81701c9bc2 100644 --- a/sbin/ping6/ping6.c +++ b/sbin/ping6/ping6.c @@ -659,6 +659,12 @@ main(int argc, char *argv[]) err(1, "socket srecv"); freeaddrinfo(res); + /* revoke root privilege */ + if (seteuid(getuid()) != 0) + err(1, "seteuid() failed"); + if (setuid(getuid()) != 0) + err(1, "setuid() failed"); + /* set the source address if specified. */ if ((options & F_SRCADDR) != 0) { /* properly fill sin6_scope_id */ @@ -729,12 +735,6 @@ main(int argc, char *argv[]) #endif } - /* revoke root privilege */ - if (seteuid(getuid()) != 0) - err(1, "seteuid() failed"); - if (setuid(getuid()) != 0) - err(1, "setuid() failed"); - if ((options & F_FLOOD) && (options & F_INTERVAL)) errx(1, "-f and -i incompatible options"); |