From: Florian Forster Date: Tue, 29 Sep 2009 15:44:05 +0000 (+0200) Subject: oping: Disable the “-f” option when real and effective user IDs don't match. X-Git-Tag: liboping-1.3.3~3 X-Git-Url: https://git.verplant.org/?a=commitdiff_plain;h=da790aa6c6bc2f3e6f64713626bf709c35f7f83d;p=liboping.git oping: Disable the “-f” option when real and effective user IDs don't match. Thanks to Steve Kemp who reported this issue as Debian bug #548684. --- diff --git a/src/mans/oping.pod b/src/mans/oping.pod index 8a3cb58..fc8911d 100644 --- a/src/mans/oping.pod +++ b/src/mans/oping.pod @@ -58,6 +58,10 @@ Set the outgoing network device to use. Instead of specifying hostnames on the command line, read them from I. If I is B<->, read from C. +This option is only available if the real user ID (as returned by L) +and the effective user ID (as returned by L) match. This is meant +to avoid security issues when I is installed with the SUID-bit. + =back =head1 SEE ALSO diff --git a/src/oping.c b/src/oping.c index fc4cb5f..8419710 100644 --- a/src/oping.c +++ b/src/oping.c @@ -27,6 +27,7 @@ # include # include # include +# include #else # error "You don't have the standard C99 header files installed" #endif /* STDC_HEADERS */ @@ -133,6 +134,11 @@ static void usage_exit (const char *name, int status) exit (status); } +static _Bool is_setuid (void) +{ + return (getuid () != geteuid ()); +} + static int read_options (int argc, char **argv) { int optchar; @@ -164,6 +170,13 @@ static int read_options (int argc, char **argv) break; case 'f': + if (is_setuid ()) + { + fprintf (stderr, "For security reasons the `-f' option " + "is disabled if real and effective " + "user IDs don't match. Sorry.\n"); + } + else { if (opt_filename != NULL) free (opt_filename);