Dear all,

the present code "src/traceroute.c" contains a test that the
effective user be "root" at execution time. The corresponding
test is lacking in "ping/ping.c" and "ping/ping6.c". The outcome
is that in GNU/Linux

   setcap cap_net_raw=ep ping/ping
   setcap cap_net_raw=ep ping/ping6

provide full functionality without use of the set-uid-bit.
In contrast,

   setcap cap_net_raw=ep src/traceroute

does not have any effect, since the code aborts prior
to the use of the relevant capability.

Using the following patch, any distributor or administrator
gets the option of continued use of the set-uid-bit, or a new
use of file capabilities for either of

    ping, ping6, or traceroute

when built from our sources.


Best regards,
  Mats

From 06ba111fdb44596c0a8e5a038809b0056991821e Mon Sep 17 00:00:00 2001
From: Mats Erik Andersson <[email protected]>
Date: Tue, 25 Jan 2011 12:42:03 +0100
Subject: [PATCH] traceroute: Remove test of effective UID.

The evaluation of geteuid() is removed in order to
better accommodate systems using file capabilities.
---
 ChangeLog        |    4 ++++
 src/traceroute.c |    3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b77093a..39603a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2011-01-25  Mats Erik Andersson <[email protected]>
 
+	* src/traceroute.c (main): Remove test on getuid().
+
+2011-01-25  Mats Erik Andersson <[email protected]>
+
 	* src/logger.c (host_family) [HAVE_DECL_GETADDRINFO]: New variable.
 	(struct logger_sockaddr) [HAVE_IPV6]: New component SINET6.
 	(open_socket) [HAVE_DECL_GETADDRINFO]: Implement new code based
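
Review bot: The new ChangeLog line says "Remove test on getuid()", but the lines removed from src/traceroute.c call geteuid (), and the commit message also says geteuid(); the entry should name geteuid() so the log matches the change. The hunk also adds a second "2011-01-25  Mats Erik Andersson" header directly above the existing one for the same date and author, so the new item could be placed under the existing header instead of repeating it.
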
diff --git a/src/traceroute.c b/src/traceroute.c
index 7605284..d585497 100644
--- a/src/traceroute.c
+++ b/src/traceroute.c
@@ -199,9 +199,6 @@ main (int argc, char **argv)
       || getaddrinfo (hostname, NULL, &hints, &res))
     error (EXIT_FAILURE, 0, "unknown host");
 
-  if (geteuid () != 0)
-    error (EXIT_FAILURE, EPERM, "insufficient permissions");
-
   memcpy (&dest, res->ai_addr, res->ai_addrlen);
   dest.sin_port = htons (opt_port);
 
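
Review bot: With the geteuid () test removed in main, nothing in the visible context reports "insufficient permissions" any more, so an unprivileged run without cap_net_raw now depends entirely on the error path of the later raw-socket creation, which this hunk does not show. Please confirm that path exits with a clear message carrying the socket call's errno, and consider a short comment at this spot saying that privilege is deliberately checked by the socket call so that file capabilities work, so the test is not reintroduced later.
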
-- 
1.7.2.3
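
The effect described in the message, as an added example that is not part of the original mail or of the inetutils sources: a gate on the effective UID refuses a process that the kernel would have allowed through a file capability, while a gate that simply attempts the raw socket does not. The names `gate_with_euid_test`, `gate_by_attempt`, `opener_fn` and the two `fake_*` openers are hypothetical and exist only for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef int (*opener_fn) (void);   /* hypothetical hook, for testability */

/* The privileged step itself: needs euid 0 or CAP_NET_RAW on Linux. */
int open_raw_icmp (void)
{ return socket (AF_INET, SOCK_RAW, IPPROTO_ICMP); }

/* Constructed stand-ins for "kernel grants" and "kernel refuses". */
int fake_granted (void) { return open ("/dev/null", O_RDONLY); }
int fake_refused (void) { errno = EPERM; return -1; }

/* Pre-patch order: abort on euid before the socket is ever requested.
   Returns 0 on success, otherwise the errno to report. */
int gate_with_euid_test (uid_t euid, opener_fn opener)
{
  int fd;
  if (euid != 0)
    return EPERM;               /* a granted capability is never consulted */
  fd = opener ();
  if (fd < 0)
    return errno;
  close (fd);
  return 0;
}

/* Post-patch order: let the kernel decide when the socket is opened. */
int gate_by_attempt (opener_fn opener)
{
  int fd = opener ();
  if (fd < 0)
    return errno;
  close (fd);
  return 0;
}

int main (void)
{
  int rc = gate_by_attempt (open_raw_icmp);
  printf ("euid=%ld raw socket: %s\n", (long) geteuid (),
          rc ? strerror (rc) : "granted");
  return 0;
}
```

Run as an ordinary user, the program prints the kernel's refusal; after `setcap cap_net_raw=ep` on the compiled binary it reports the socket as granted while the effective UID stays non-zero.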
