oping: Allow “-f -” even if uid and euid differ.

Thanks to Sebastian for the idea :)

diff --git a/src/mans/oping.pod b/src/mans/oping.pod
index fc8911dcab4adaebce02f47fcc8480f6a94ec773..12c3a657c0bce67cfe20f16c4670d9b958ede9bc 100644 (file)
--- a/src/mans/oping.pod
+++ b/src/mans/oping.pod
@@ -58,9 +58,10 @@ Set the outgoing network device to use.
 Instead of specifying hostnames on the command line, read them from
 I<filename>. If I<filename> is B<->, read from C<STDIN>.
 
-This option is only available if the real user ID (as returned by L<getuid(2)>)
-and the effective user ID (as returned by L<geteuid(2)>) match. This is meant
-to avoid security issues when I<oping> is installed with the SUID-bit.
+If the real user ID (as returned by L<getuid(2)>) and the effective user ID (as
+returned by L<geteuid(2)>) differ, the only argument allowed for this option is
+"-" (i.E<nbsp>e. standard input). This is meant to avoid security issues when
+I<oping> is installed with the SUID-bit.
 
 =back
 

diff --git a/src/oping.c b/src/oping.c
index 8419710daaa9dd3ed1b27081100ad6349029e85b..3d1edddccb4819479d125387b8a5da3c40428622 100644 (file)
--- a/src/oping.c
+++ b/src/oping.c
@@ -170,7 +170,7 @@ static int read_options (int argc, char **argv)
                                break;
 
                        case 'f':
-                               if (is_setuid ())
+                               if (is_setuid () && (strcmp ("-", optarg) != 0))
                                {
                                        fprintf (stderr, "For security reasons the `-f' option "
                                                        "is disabled if real and effective "