From masafumi@tky007.tth.expo96.ad.jp Sat Aug 10 23:56:17 1996
Received: from mail.tky007.tth.expo96.ad.jp (tky007.tth.expo96.ad.jp [133.246.32.58]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA17237 for ; Sat, 10 Aug 1996 23:56:15 -0700 (PDT)
Received: (from masafumi@localhost) by mail.tky007.tth.expo96.ad.jp (8.7.5/3.4W4-SMTP) id PAA01509; Sun, 11 Aug 1996 15:55:49 +0900 (JST)
Message-Id: <199608110655.PAA01509@mail.tky007.tth.expo96.ad.jp>
Date: Sun, 11 Aug 1996 15:55:49 +0900 (JST)
From: max@sfc.wide.ad.jp
Reply-To: max@sfc.wide.ad.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: Non-super-users cannot use traceroute
X-Send-Pr-Version: 3.2

>Number: 1489
>Category: bin
>Synopsis: Non-super-users cannot use traceroute
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: fenner
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Aug 11 00:00:01 PDT 1996
>Closed-Date: Tue Aug 13 09:29:15 PDT 1996
>Last-Modified: Tue Aug 13 09:30:30 PDT 1996
>Originator: Masafumi NAKANE
>Release: FreeBSD 2.2-CURRENT i386
>Organization:
>Environment:
>Description:
In /usr/src/usr.sbin/traceroute/traceroute.c, setuid(getuid()) is performed before creating the raw socket which is to send out UDP packets, and thus non-super-users cannot use the command.
>How-To-Repeat:
As non-super-user:
% traceroute some.host.domain
>Fix:
Either create sndsock much earlier in the program (before setuid(getuid())), or do setuid(getuid()) later in the program. Since it seems the recent modification to the program was meant to make it more secure by putting setuid(getuid()) earlier in the program to get rid of the privilege, I suppose the former solution should be taken. I attach my quick and dirty hack here, as it might be of some use.
This is a patch to: Header: /home/ncvs/src/usr.sbin/traceroute/traceroute.c,v 1.6 1996/08/09 06:00:53 fenner Exp *** traceroute.c.orig Sat Aug 10 11:08:59 1996 --- traceroute.c Sun Aug 11 15:28:03 1996 *************** *** 307,312 **** --- 307,317 ---- sockerrno = errno; } + if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { + perror("traceroute: raw socket"); + exit(5); + } + setuid(getuid()); oix = optlist; *************** *** 475,485 **** if (options & SO_DONTROUTE) (void) setsockopt(s, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)); - - if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { - perror("traceroute: raw socket"); - exit(5); - } if (lsrr > 0) { lsrr++; --- 480,485 ---- >Release-Note: >Audit-Trail: State-Changed-From-To: open->closed State-Changed-By: fenner State-Changed-When: Tue Aug 13 09:29:15 PDT 1996 State-Changed-Why: Fixed in rev 1.7 of traceroute.c Responsible-Changed-From-To: freebsd-bugs->fenner Responsible-Changed-By: fenner Responsible-Changed-When: Tue Aug 13 09:29:15 PDT 1996 Responsible-Changed-Why: fenner wrote the bug >Unformatted:
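Review bot: in the first hunk (around line 307), the setuid(getuid()) context line that immediately follows the added socket() block still ignores its return value, so a failed drop would leave the rest of the program running with the set-uid privilege and the new raw socket. Since this patch now relies on that call as the boundary between privileged and unprivileged code, it is worth checking it here, for example `if (setuid(getuid()) < 0) { perror("traceroute: setuid"); exit(5); }`. A smaller style point in the same hunk: the context just above records a failure with `sockerrno = errno;` instead of exiting, while the added block calls perror() and exit(5) directly; if that earlier code defers its error report until after the privilege drop, the new block could follow the same pattern for consistency. The second hunk (around line 475) only removes the late socket() call and looks fine, provided nothing between the two locations assumed sndsock was not yet open.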
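The ordering this report asks for (take the privileged resource first, then give up the privilege for good and confirm it is gone) is shown below as an added example; it is not code from traceroute.c, and the function names `open_raw_socket` and `drop_privileges` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Privileged step: open the raw send socket while the set-uid
 * privilege is still held. Returns the fd, or -1 with errno in *err. */
int open_raw_socket(int *err)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    *err = (fd < 0) ? errno : 0;
    return fd;
}

/* Drop the set-uid privilege and verify that the drop took effect.
 * Returns 0 on success, -1 if the process may still be privileged. */
int drop_privileges(void)
{
    uid_t ruid = getuid();

    if (setuid(ruid) != 0)                 /* never ignore this result */
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    /* Unless the invoker really is root, getting uid 0 back must fail. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    int err;
    int sndsock = open_raw_socket(&err);   /* 1. privileged work first */

    if (drop_privileges() != 0) {          /* 2. then drop, and check  */
        fprintf(stderr, "cannot drop privileges\n");
        return 5;
    }
    if (sndsock < 0) {                     /* 3. report once unprivileged */
        errno = err;
        perror("raw socket");
        return 5;
    }
    printf("raw socket fd %d held by uid %ld\n", sndsock, (long)getuid());
    close(sndsock);
    return 0;
}
```

Run without set-uid installation as an ordinary user, the program reports the raw socket failure only after the drop has been verified; the already-open descriptor is the only privileged state that survives step 2.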