On Tue, Apr 15, 2008 at 05:56:36PM +0200, Martin Pels wrote:
> On Tue, 15 Apr 2008 17:15:18 +0200
> Rogier Wolff <[EMAIL PROTECTED]> wrote:
>
> > On Tue, Apr 15, 2008 at 04:41:15PM +0200, Martin Pels wrote:
> > > Depending on whether IP_HDRINCL is defined net_preopen() creates an
> > > icmp and udp socket, or a single raw socket.
> > >
> > > If we have two sockets it is trivial to close them in
> > > net_selectsocket(). This is actually what I did in the first
> > > version of the patch I sent you last year (attached for
> > > completeness). If we only have a single raw socket there is nothing
> > > we need to close.
> > >
> > > Closing sockets will inevitably break the GUI "u" command, because
> > > after we drop privileges we cannot open new sockets. So maybe we
> > > should only enable this functionality when raw sockets are
> > > available.
> >
> > OK. Why then was the opening of the sockets delayed to after the
> > parsing of the cmdline? This is the problem: Lots of complicated code
> > which might be exploited. I feel much more comfortable passing one (or
> > two) open sockets down the line towards the rest of the code....
>
> It is not. We open sockets on line 290, drop privileges on line
> 295 and start parsing options and arguments on line 310.

In my version, I see the first executable lines in main to be:

  if ( ( net_preopen_result = net_preopen () ) ) {
    fprintf( stderr, "mtr: unable to get raw sockets.\n" );

and in your patch I see:

@@ -322,8 +333,21 @@ struct sockaddr_in6 * sa6; #endif - /* Get the raw sockets first thing, so we can drop to user euid immediately */ + /* reset the random seed */ + srand (getpid()); + + display_detect(&argc, &argv); + + /* The field options are now in a static array all together, + but that requires a run-time initialization. -- REW */ + init_fld_options (); + + parse_mtr_options (getenv ("MTR_OPTIONS")); + + parse_arg (argc, argv); + /* get raw sockets ASAP, so we can drop to user euid immediately * + * we need to do this after parsing options, to know the proto */ if ( ( net_preopen_result = net_preopen () ) ) { fprintf( stderr, "mtr: unable to get raw sockets.\n" ); exit( EXIT_FAILURE );

which I read as: the parse_arg, display_detect and parse_mtr_options have
been moved to BEFORE opening the sockets and dropping privs.

	Roger.

-- 
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2600998 **
** Delftechpark 26 2628 XH Delft, The Netherlands. KVK: 27239233 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
Q: It doesn't work. A: Look buddy, doesn't work is an ambiguous statement.
Does it sit on the couch all day? Is it unemployed? Please be specific!
Define 'it' and what it isn't doing. --------- Adapted from lxrbot FAQ
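
Review bot: in the + lines ahead of net_preopen(), parse_mtr_options (getenv ("MTR_OPTIONS")) and parse_arg (argc, argv) process user-controlled input before the raw sockets are obtained, and so before the drop to user euid that the comment ties to that call. display_detect(&argc, &argv) sits in the same position and also takes argv. Suggest keeping net_preopen() as the first statement, opening every socket that any protocol could need, and choosing one (closing the other) after parsing, so that the new comment's "we need to do this after parsing options, to know the proto" no longer applies.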
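
The ordering argued for in this thread, as an added C example (not mtr's code and not part of either message): open both sockets first, drop privileges, and only then parse input and close the socket that is not needed. `struct presocks`, `preopen_sockets`, `drop_privileges` and `select_socket` are hypothetical names, the argv check is a constructed stand-in for real option parsing, and only the two-socket case is covered.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical holder for the pre-opened descriptors (not mtr's own type). */
struct presocks { int icmp_fd; int udp_fd; };

/* Step 1: the first thing main() does, before any input is looked at. */
int preopen_sockets(struct presocks *s) {
    s->icmp_fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    s->udp_fd  = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
    return (s->icmp_fd < 0 || s->udp_fd < 0) ? -1 : 0;
}

/* Step 2: give up setuid/setgid privileges for good, and check that it held. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    if (setgid(getgid()) != 0 || setuid(ruid) != 0) return -1;
    /* A non-root caller must not be able to get euid 0 back. */
    if (ruid != 0 && (seteuid(0) == 0 || geteuid() != ruid)) return -1;
    return 0;
}

/* Step 3: once the protocol is known, keep its socket and close the other,
   so the unprivileged code holds only the descriptor it needs. */
int select_socket(struct presocks *s, int use_udp) {
    int keep = use_udp ? s->udp_fd : s->icmp_fd;
    int drop = use_udp ? s->icmp_fd : s->udp_fd;
    if (keep < 0) return -1;
    if (drop >= 0 && close(drop) != 0) return -1;
    s->icmp_fd = use_udp ? -1 : keep;
    s->udp_fd  = use_udp ? keep : -1;
    return keep;
}

int main(int argc, char **argv) {
    struct presocks s;
    if (preopen_sockets(&s) != 0) {
        fprintf(stderr, "unable to get raw sockets\n");
        return 1;
    }
    if (drop_privileges() != 0) return 1;
    /* Only now is argv read (constructed stand-in for real option parsing). */
    int use_udp = (argc > 1 && argv[1][0] == '-' && argv[1][1] == 'u');
    int fd = select_socket(&s, use_udp);
    printf("probing with the %s socket, fd %d\n", use_udp ? "UDP" : "ICMP", fd);
    return fd < 0;
}
```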