svn commit: r350857 - head/sbin/ping6
Alan Somers
asomers at FreeBSD.org
Sun Aug 11 15:22:54 UTC 2019
Author: asomers
Date: Sun Aug 11 15:22:53 2019
New Revision: 350857
URL: https://svnweb.freebsd.org/changeset/base/350857
Log:
ping6: Revoke root privilege earlier
It can be done just after the sockets have been created.
Submitted by: Ján Sučan <sucanjan at gmail.com>
MFC after: 2 weeks
Sponsored by: Google, inc. (Google Summer of Code 2019)
Differential Revision: https://reviews.freebsd.org/D21213
Modified:
head/sbin/ping6/ping6.c
Modified: head/sbin/ping6/ping6.c
==============================================================================
--- head/sbin/ping6/ping6.c Sun Aug 11 08:24:56 2019 (r350856)
+++ head/sbin/ping6/ping6.c Sun Aug 11 15:22:53 2019 (r350857)
@@ -659,6 +659,12 @@ main(int argc, char *argv[])
err(1, "socket srecv");
freeaddrinfo(res);
+ /* revoke root privilege */
+ if (seteuid(getuid()) != 0)
+ err(1, "seteuid() failed");
+ if (setuid(getuid()) != 0)
+ err(1, "setuid() failed");
+
/* set the source address if specified. */
if ((options & F_SRCADDR) != 0) {
/* properly fill sin6_scope_id */
@@ -728,12 +734,6 @@ main(int argc, char *argv[])
err(1, "setsockopt(IPV6_RECVRTHDRDSTOPTS)");
#endif
}
-
- /* revoke root privilege */
- if (seteuid(getuid()) != 0)
- err(1, "seteuid() failed");
- if (setuid(getuid()) != 0)
- err(1, "setuid() failed");
if ((options & F_FLOOD) && (options & F_INTERVAL))
errx(1, "-f and -i incompatible options");
More information about the svn-src-head
mailing list