diff options
| -rw-r--r-- | sbin/ping/ping.c | 11 | ||||
| -rw-r--r-- | usr.sbin/traceroute/traceroute.c | 12 |
2 files changed, 17 insertions, 6 deletions
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c index b3b7d6ba8d6..d8fb0812ce7 100644 --- a/sbin/ping/ping.c +++ b/sbin/ping/ping.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ping.c,v 1.234 2018/11/13 14:30:36 dhill Exp $ */ +/* $OpenBSD: ping.c,v 1.235 2019/03/19 23:27:49 tedu Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -283,9 +283,9 @@ main(int argc, char *argv[]) uid = getuid(); gid = getgid(); } - if (setgroups(1, &gid) || + if (ouid && (setgroups(1, &gid) || setresgid(gid, gid, gid) || - setresuid(uid, uid, uid)) + setresuid(uid, uid, uid))) err(1, "unable to revoke privs"); preload = 0; @@ -429,6 +429,11 @@ main(int argc, char *argv[]) } } + if (ouid == 0 && (setgroups(1, &gid) || + setresgid(gid, gid, gid) || + setresuid(uid, uid, uid))) + err(1, "unable to revoke privs"); + argc -= optind; argv += optind; diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c index 5ebb3df5573..c88ae555434 100644 --- a/usr.sbin/traceroute/traceroute.c +++ b/usr.sbin/traceroute/traceroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: traceroute.c,v 1.159 2018/11/12 00:26:30 dlg Exp $ */ +/* $OpenBSD: traceroute.c,v 1.160 2019/03/19 23:27:50 tedu Exp $ */ /* $NetBSD: traceroute.c,v 1.10 1995/05/21 15:50:45 mycroft Exp $ */ /* @@ -366,9 +366,9 @@ main(int argc, char *argv[]) uid = getuid(); gid = getgid(); } - if (setgroups(1, &gid) || + if (ouid && (setgroups(1, &gid) || setresgid(gid, gid, gid) || - setresuid(uid, uid, uid)) + setresuid(uid, uid, uid))) err(1, "unable to revoke privs"); if (strcmp("traceroute6", __progname) == 0) { @@ -559,6 +559,12 @@ main(int argc, char *argv[]) default: usage(v6flag); } + + if (ouid == 0 && (setgroups(1, &gid) || + setresgid(gid, gid, gid) || + setresuid(uid, uid, uid))) + err(1, "unable to revoke privs"); + argc -= optind; argv += optind; |