From da790aa6c6bc2f3e6f64713626bf709c35f7f83d Mon Sep 17 00:00:00 2001
From: Florian Forster
Date: Tue, 29 Sep 2009 17:44:05 +0200
Subject: [PATCH] =?utf8?q?oping:=20Disable=20the=20=E2=80=9C-f=E2=80=9D=20?=
 =?utf8?q?option=20when=20real=20and=20effective=20user=20IDs=20don't=20ma?=
 =?utf8?q?tch.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Thanks to Steve Kemp who reported this issue as Debian bug #548684.
---
 src/mans/oping.pod | 4 ++++
 src/oping.c | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/src/mans/oping.pod b/src/mans/oping.pod
index 8a3cb58..fc8911d 100644
--- a/src/mans/oping.pod
+++ b/src/mans/oping.pod
@@ -58,6 +58,10 @@ Set the outgoing network device to use.
 Instead of specifying hostnames on the command line, read them from
 I. If I is B<->, read from C.
 
+This option is only available if the real user ID (as returned by L)
+and the effective user ID (as returned by L) match. This is meant
+to avoid security issues when I is installed with the SUID-bit.
+
 =back
 
 =head1 SEE ALSO
diff --git a/src/oping.c b/src/oping.c
index fc4cb5f..8419710 100644
--- a/src/oping.c
+++ b/src/oping.c
@@ -27,6 +27,7 @@
 # include
 # include
 # include
+# include
 #else
 # error "You don't have the standard C99 header files installed"
 #endif /* STDC_HEADERS */
@@ -133,6 +134,11 @@ static void usage_exit (const char *name, int status)
 exit (status);
 }
 
+static _Bool is_setuid (void)
+{
+ return (getuid () != geteuid ());
+}
+
 static int read_options (int argc, char **argv)
 {
 int optchar;
@@ -164,6 +170,13 @@ static int read_options (int argc, char **argv)
 break;
 
 case 'f':
+if (is_setuid ())
+{
+fprintf (stderr, "For security reasons the `-f' option "
+"is disabled if real and effective "
+"user IDs don't match. Sorry.\n");
+}
+else
 {
 if (opt_filename != NULL)
 free (opt_filename);
-- 
2.30.2
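Review bot: The header name on the added `# include` line is not visible in this rendering, so it cannot be confirmed that the `getuid()`/`geteuid()` calls introduced by this commit get a prototype; those functions are declared in the POSIX header `<unistd.h>`, which is not one of the C99 standard headers the `#error` text in this block refers to, so if `<unistd.h>` is what is being added here it fits better under a POSIX-specific guard than under `STDC_HEADERS`. If the line adds `<stdbool.h>` instead, note that `_Bool` as used by the new helper is a C99 keyword that needs no header, so either the include is unnecessary or the helper could use `bool` for readability.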
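Review bot: `is_setuid()` compares only the real and effective user IDs, so an oping binary installed setgid (where `getgid() != getegid()`) would still accept `-f` and could open a file readable by the privileged group but not by the invoking user; the check should cover both: `return (getuid () != geteuid ()) || (getgid () != getegid ());`. Where the platform offers it, `issetugid()` (BSD) or `getauxval(AT_SECURE)` (glibc) is the more complete test, because the kernel sets that flag for every way an executable can start with privilege, not just a plain setuid bit. A comment stating the helper's purpose would help the next maintainer, e.g. `/* True when the process runs with privileges its invoker lacks (setuid/setgid); used to refuse options that open user-chosen files. */`.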
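Review bot: When the new check fires, the branch prints the message and then carries on with option parsing as if `-f` had never been given (`opt_filename` stays untouched), so a privileged invocation such as `oping -f hosts.txt` proceeds without its host list and a script driving it learns of the refusal only from stderr, presumably followed by some later usage error or an empty run that cannot be confirmed from here. Refusing a security-relevant option should be a hard error: after the `fprintf` add `exit (EXIT_FAILURE);`, or call the existing `usage_exit (argv[0], 1)` whose signature is visible in the previous hunk, so the exit status reflects that the requested input file was ignored. The `read_options` function continues outside this hunk.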