SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-22-2008, 12:09 PM
| ||||
| ||||
 drop privileges to nobody is pinging as root Hi, To further improve security I think this patch may help. Perhaps simply dropping to setuid(32767) is good enough, I don't know. Index: ping.c ================================================== ================= RCS file: /cvs/src/sbin/ping/ping.c,v retrieving revision 1.73 diff -u -p -w -r1.73 ping.c --- ping.c 9 Jan 2006 22:42:35 -0000 1.73 +++ ping.c 6 Mar 2006 21:11:10 -0000 @@ -86,6 +86,7 @@ static const char rcsid[] = "$OpenBSD: p #include <errno.h> #include <string.h> #include <stdlib.h> +#include <pwd.h> struct tvi { u_int tv_sec; @@ -205,6 +206,17 @@ main(int argc, char *argv[]) /* revoke privs */ seteuid(getuid()); setuid(getuid()); + + /* If the user is root try to drop privs to user nobody */ + if (getuid() == 0) { + struct passwd *pwnam; + pwnam = getpwnam("nobody"); + if (pwnam != NULL) { + seteuid(pwnam->pw_uid); + setuid(pwnam->pw_uid); + } else + warnx("can't drop privileges to user nobody"); + } preload = 0; datap = &outpack[8 + sizeof(struct tvi)]; # Han      |
 |
« Re: drop privileges to nobody is pinging as root
|
Re: drop privileges to nobody is pinging as root »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
All times are GMT. The time now is 10:16 PM.
