does this patch make sense?

2013-11-07 Thread Peter J. Philipp
Just for extra paranoia's sake? Against 5.4 sources. -peter diff -u -p -u -r1.82 traceroute.c --- traceroute.c10 Feb 2012 23:05:54 - 1.82 +++ traceroute.c7 Nov 2013 14:36:44 - @@ -310,6 +310,7 @@ main(int argc, char *argv[]) const char *errstr; long

Re: does this patch make sense?

2013-11-07 Thread Peter J. Philipp
On 11/07/13 15:41, Peter J. Philipp wrote: Just for extra paranoia's sake? Against 5.4 sources. -peter diff -u -p -u -r1.82 traceroute.c --- traceroute.c10 Feb 2012 23:05:54 - 1.82 +++ traceroute.c7 Nov 2013 14:36:44 - @@ -310,6 +310,7 @@ main(int argc, char

Re: does this patch make sense?

2013-11-07 Thread Ted Unangst
On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: + gid = getgid(); + + if (setgroups(1, gid) == -1) + err(1, setgroups); + + if (setresgid(gid, gid, gid) == -1) + err(1, setresgid); + if (setresuid(uid, uid, uid) == -1)
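Review bot: The order of the privilege-dropping calls in this hunk is load-bearing and the added lines carry no comment saying so. setgroups() only succeeds for the superuser, so it has to stay ahead of the setresuid(uid, uid, uid) call; a one-line comment above `gid = getgid();` would keep a later edit from reordering them. Separately, as the hunk is rendered here the second argument to setgroups() reads `gid`; setgroups(2) takes a pointer to an array of gid_t, so confirm the patch passes `&gid`.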

Re: does this patch make sense?

2013-11-07 Thread Otto Moerbeek
On Thu, Nov 07, 2013 at 11:32:48AM -0500, Ted Unangst wrote: On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: + gid = getgid(); + + if (setgroups(1, gid) == -1) + err(1, setgroups); + + if (setresgid(gid, gid, gid) == -1) +

Re: does this patch make sense?

2013-11-07 Thread Peter J. Philipp
On 11/07/13 17:32, Ted Unangst wrote: On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: + gid = getgid(); + + if (setgroups(1, gid) == -1) + err(1, setgroups); + + if (setresgid(gid, gid, gid) == -1) + err(1, setresgid); + if

Re: does this patch make sense?

2013-11-07 Thread Peter J. Philipp
On 11/07/13 17:48, Otto Moerbeek wrote: On Thu, Nov 07, 2013 at 11:32:48AM -0500, Ted Unangst wrote: On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: + gid = getgid(); + + if (setgroups(1, gid) == -1) + err(1, setgroups); + + if (setresgid(gid, gid,

Re: does this patch make sense?

2013-11-07 Thread Peter J. Philipp
On 11/07/13 20:33, Peter J. Philipp wrote: On 11/07/13 17:48, Otto Moerbeek wrote: On Thu, Nov 07, 2013 at 11:32:48AM -0500, Ted Unangst wrote: On Thu, Nov 07, 2013 at 17:19, Peter J. Philipp wrote: + gid = getgid(); + + if (setgroups(1, gid) == -1) + err(1,

Re: does this patch make sense?

2013-11-07 Thread Ted Unangst
On Thu, Nov 07, 2013 at 17:48, Otto Moerbeek wrote: - for (t = toskeywords; t-keyword != NULL; t++) { - if (strcmp(s, t-keyword) == 0) { - *val = t-val; - return (1); - } - } + t = bsearch(s,
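Review bot: Switching the lookup from the linear scan over toskeywords to bsearch() adds preconditions the removed loop did not have. The table must be sorted by keyword in the order the comparison function uses, the element count passed to bsearch() must exclude the NULL-keyword terminator the old loop stopped on, and the comparison function has to compare the key string `s` against an element's keyword field rather than against the element itself. The call is cut off after its first argument here, so none of this can be checked from these lines; a comment on the table saying it must stay sorted would help.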

Re: does this patch make sense?

2013-11-07 Thread Otto Moerbeek
On Thu, Nov 07, 2013 at 04:35:46PM -0500, Ted Unangst wrote: On Thu, Nov 07, 2013 at 17:48, Otto Moerbeek wrote: - for (t = toskeywords; t-keyword != NULL; t++) { - if (strcmp(s, t-keyword) == 0) { - *val = t-val; -

Re: does this patch make sense?

2013-11-07 Thread Ted Unangst
On Thu, Nov 07, 2013 at 17:54, Peter J. Philipp wrote: OK I'll stop abusing. Here is my reasoning for the setgid change. Pretend there is a way to break into the binary by means of the socket, then I thought it'd be neat if it was disallowed to write into groups that a user was in at the