From patchwork Sun Feb  5 18:16:42 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?=C3=81ngel_Gonz=C3=A1lez?= <ingenit@zoho.com>
X-Patchwork-Id: 140697
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 801DFB6EE7
	for <patchwork-incoming@ozlabs.org>;
	Sat, 11 Feb 2012 04:37:52 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1759561Ab2BJRhl (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 10 Feb 2012 12:37:41 -0500
Received: from sender1.zohomail.com ([72.5.230.103]:57618 "EHLO
	sender1.zohomail.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751298Ab2BJRhi (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 10 Feb 2012 12:37:38 -0500
X-Greylist: delayed 1204 seconds by postgrey-1.27 at vger.kernel.org;
	Fri, 10 Feb 2012 12:37:38 EST
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject:content-type;
	b=cO62Pb7TsZi9H59KuoOUyCkO0nD/vYlmlg66ZwFgpwstJr5w8KU02TBBpXXgFRxesmREnffjh3dJ
	xvXjKbOImywHyqAjRPnrWrF7RkMiKAJ+zA7aOD5e/JDFVnaGQolV  
Received: from [127.0.0.1] (44.Red-83-32-10.dynamicIP.rima-tde.net
	[83.32.10.44]) by mx.zohomail.com
	with SMTPS id 1328894252863191.7358438730638;
	Fri, 10 Feb 2012 09:17:32 -0800 (PST)
Message-ID: <4F2EBC40.2080500@zoho.com>
Date: Sun, 5 Feb 2012 19:16:42 +0100
From: =?ISO-8859-1?Q?=C1ngel_Gonz=E1lez?= <ingenit@zoho.com>
User-Agent: Thunderbird
MIME-Version: 1.0
To: netdev@vger.kernel.org
CC: yoshfuji@linux-ipv6.org
Subject: [PATCH] iputils: Add capability dropping
X-ZohoMailClient: External
X-Zoho-Virus-Status: 2
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

This patch adds support for dropping capabilities to the iputils programs
which need root privileges (ping, ping6, clockdiff, traceroute6), so that
users installing them suid can instead install them setcap cap_net_raw+ep

The feature adds libcap as a requisite. In order to disable the feature
 sed -i "s/-DCAPABILITIES//;s/ -lcap//" Makefile


Signed-off-by: Ángel González <ingenit@zoho.com>
---



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff -ur iputils/Makefile iputils-capabilities/Makefile
--- iputils/Makefile	2012-01-10 02:42:52.000000000 +0100
+++ iputils-capabilities/Makefile	2012-02-05 17:40:18.000000000 +0100
@@ -14,7 +14,7 @@
 # What a pity, all new gccs are buggy and -Werror does not work. Sigh.
 #CCOPT=-D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g -Werror
 CCOPT=-D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g
-CFLAGS=$(CCOPT) $(GLIBCFIX) $(DEFINES) 
+CFLAGS=$(CCOPT) $(GLIBCFIX) $(DEFINES) -DCAPABILITIES
 
 IPV4_TARGETS=tracepath ping clockdiff rdisc arping tftpd rarpd
 IPV6_TARGETS=tracepath6 traceroute6 ping6
@@ -25,11 +25,12 @@
 
 all: $(TARGETS)
 
-
+clockdiff: -lcap
+traceroute6: -lcap
 tftpd: tftpd.o tftpsubs.o
-arping: arping.o -lsysfs
-ping: ping.o ping_common.o
-ping6: ping6.o ping_common.o -lresolv -lcrypto
+arping: arping.o -lsysfs -lcap
+ping: ping.o ping_common.o -lcap
+ping6: ping6.o ping_common.o -lresolv -lcrypto -lcap
 ping.o ping6.o ping_common.o: ping_common.h
 tftpd.o tftpsubs.o: tftp.h
 
diff -ur iputils/arping.c iputils-capabilities/arping.c
--- iputils/arping.c	2012-01-10 02:42:52.000000000 +0100
+++ iputils-capabilities/arping.c	2012-02-05 17:23:53.000000000 +0100
@@ -22,6 +22,9 @@
 #include <linux/if_ether.h>
 #include <net/if_arp.h>
 #include <sys/uio.h>
+#ifdef CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 #include <netdb.h>
 #include <unistd.h>
@@ -356,6 +359,17 @@
 		exit(-1);
 	}
 
+#ifdef CAPABILITIES
+	{
+		cap_t caps = cap_init();
+		if (cap_set_proc(caps)) {
+			perror("arping: cap_set_proc");
+			exit(-1);
+		}
+		cap_free(caps);
+	}
+#endif
+
 	while ((ch = getopt(argc, argv, "h?bfDUAqc:w:s:I:V")) != EOF) {
 		switch(ch) {
 		case 'b':
diff -ur iputils/clockdiff.c iputils-capabilities/clockdiff.c
--- iputils/clockdiff.c	2012-01-10 02:42:52.000000000 +0100
+++ iputils-capabilities/clockdiff.c	2012-02-05 17:33:14.000000000 +0100
@@ -20,6 +20,9 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <linux/types.h>
+#ifdef CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 void usage(void) __attribute__((noreturn));
 
@@ -530,6 +533,20 @@
   exit(1);
 }
 
+void drop_rights(void) {
+#ifdef CAPABILITIES
+	cap_t caps = cap_init();
+	if (cap_set_proc(caps)) {
+		perror("clockdiff: cap_set_proc");
+		exit(-1);
+	}
+	cap_free(caps);
+#endif
+	if (setuid(getuid())) {
+		perror("clockdiff: setuid");
+		exit(-1);
+	}
+}
 
 int
 main(int argc, char *argv[])
@@ -541,10 +558,7 @@
 	int n_errno = 0;
 
 	if (argc < 2) {
-		if (setuid(getuid())) {
-			perror("clockdiff: setuid");
-			exit(-1);
-		}
+		drop_rights();
 		usage();
 	}
 
@@ -554,11 +568,7 @@
 	errno = 0;
 	if (nice(-16) == -1)
 		n_errno = errno;
-
-	if (setuid(getuid())) {
-		perror("clockdiff: setuid");
-		exit(-1);
-	}
+	drop_rights();
 
 	if (argc == 3) {
 		if (strcmp(argv[1], "-o") == 0) {
diff -ur iputils/ping.c iputils-capabilities/ping.c
--- iputils/ping.c	2012-01-10 02:42:52.000000000 +0100
+++ iputils-capabilities/ping.c	2012-02-05 17:33:51.000000000 +0100
@@ -62,6 +62,9 @@
 
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
+#ifdef CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 #ifndef ICMP_FILTER
 #define ICMP_FILTER	1
@@ -131,6 +134,16 @@
 		perror("ping: setuid");
 		exit(-1);
 	}
+#ifdef CAPABILITIES
+	{
+		cap_t caps = cap_init();
+		if (cap_set_proc(caps)) {
+			perror("ping: cap_set_proc");
+			exit(-1);
+		}
+		cap_free(caps);
+	}
+#endif
 
 	source.sin_family = AF_INET;
 
diff -ur iputils/ping6.c iputils-capabilities/ping6.c
--- iputils/ping6.c	2012-01-10 02:42:52.000000000 +0100
+++ iputils-capabilities/ping6.c	2012-02-05 17:33:44.000000000 +0100
@@ -72,6 +72,9 @@
 #include <netinet/ip6.h>
 #include <netinet/icmp6.h>
 #include <resolv.h>
+#ifdef CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 #include "ping6_niquery.h"
 
@@ -551,9 +554,19 @@
 
 	uid = getuid();
 	if (setuid(uid)) {
-		perror("ping: setuid");
+		perror("ping6: setuid");
 		exit(-1);
 	}
+#ifdef CAPABILITIES
+	{
+		cap_t caps = cap_init();
+		if (cap_set_proc(caps)) {
+			perror("ping6: cap_set_proc");
+			exit(-1);
+		}
+		cap_free(caps);
+	}
+#endif
 
 	source.sin6_family = AF_INET6;
 	memset(&firsthop, 0, sizeof(firsthop));
diff -ur iputils/traceroute6.c iputils-capabilities/traceroute6.c
--- iputils/traceroute6.c	2012-01-10 02:42:52.000000000 +0100
+++ iputils-capabilities/traceroute6.c	2012-02-05 17:33:59.000000000 +0100
@@ -249,6 +249,9 @@
 #include <netinet/ip6.h>
 #include <netinet/icmp6.h>
 #include <linux/types.h>
+#ifdef CAPABILITIES
+#include <sys/capability.h>
+#endif
 
 #include <arpa/inet.h>
 
@@ -342,6 +345,16 @@
 		perror("traceroute6: setuid");
 		exit(-1);
 	}
+#ifdef CAPABILITIES
+	{
+		cap_t caps = cap_init();
+		if (cap_set_proc(caps)) {
+			perror("traceroute6: cap_set_proc");
+			exit(-1);
+		}
+		cap_free(caps);
+	}
+#endif
 
 	on = 1;
 	seq = tos = 0;