-also minimizing SUID code here

author: Christian Grothoff <christian@grothoff.org> 2011-12-16 22:18:10 +0000
committer: Christian Grothoff <christian@grothoff.org> 2011-12-16 22:18:10 +0000
commit: b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de (patch)
tree: ee0c091bbea2b20cec228d2488c8bacfb8f7e095 /src/transport/gnunet-helper-transport-wlan.c
parent: 3b86b5c67188a7a585869d05573c47a4903bbd00 (diff)
download: gnunet-b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de.tar.gz
gnunet-b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de.zip
1 files changed, 32 insertions, 14 deletions
diff --git a/src/transport/gnunet-helper-transport-wlan.c b/src/transport/gnunet-helper-transport-wlan.c
index 0bc6d88ff..fcdd9d520 100644
--- a/src/transport/gnunet-helper-transport-wlan.c
+++ b/src/transport/gnunet-helper-transport-wlan.c
@@ -1412,12 +1412,6 @@ wlan_initialize (struct HardwareInfos *dev, const char *iface)
  struct stat sbuf;
  int ret;
-  dev->fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
-  if (0 > dev->fd_raw)
-  {
-    fprintf (stderr, "Failed to create raw socket: %s\n", strerror (errno));
-    return 1;
-  }
  if (dev->fd_raw >= FD_SETSIZE)
  {
    fprintf (stderr, "File descriptor too large for select (%d > %d)\n",
@@ -1559,22 +1553,46 @@ main (int argc, char *argv[])
  int retval;
  int stdin_open;
  struct MessageStreamTokenizer *stdin_mst;
+  int raw_eno;
+  dev.fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
+  raw_eno = errno; /* remember for later */
+  uid = getuid ();
+#ifdef HAVE_SETRESUID
+  if (0 != setresuid (uid, uid, uid))
+  {
+    fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+    if (-1 != dev.fd_raw)
+      (void) close (dev.fd_raw);
+    return 1;
+  }
+#else
+  if (0 != (setuid (uid) | seteuid (uid)))
+  {
+    fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+    if (-1 != dev.fd_raw)
+      (void) close (dev.fd_raw);
+    return 1;
+  }
+#endif
+  /* now that we've dropped root rights, we can do error checking */
  if (2 != argc)
  {
    fprintf (stderr,
             "You must specify the name of the interface as the first and only argument to this program.\n");
+    if (-1 != dev.fd_raw)
+      (void) close (dev.fd_raw);
    return 1;
  }
-  if (0 != wlan_initialize (&dev, argv[1]))
-    return 1;
+  if (-1 == dev.fd_raw)
-  uid = getuid ();
-  if (0 != setresuid (uid, uid, uid))
  {
-    fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+    fprintf (stderr, "Failed to create raw socket: %s\n", strerror (raw_eno));
-    /* not critical, continue anyway */
+    return 1;
  }
+  if (0 != wlan_initialize (&dev, argv[1]))
+    return 1;
  dev.write_pout.size = 0;
  dev.write_pout.pos = 0;
  stdin_mst = mst_create (&stdin_send_hw, &dev);  
@@ -1705,7 +1723,7 @@ main (int argc, char *argv[])
  }
  /* Error handling, try to clean up a bit at least */
  mst_destroy (stdin_mst);
-  close (dev.fd_raw);
+  (void) close (dev.fd_raw);
  return 1;                     /* we never exit 'normally' */
 }
author	Christian Grothoff <christian@grothoff.org>	2011-12-16 22:18:10 +0000
committer	Christian Grothoff <christian@grothoff.org>	2011-12-16 22:18:10 +0000
commit	b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de (patch)
tree	ee0c091bbea2b20cec228d2488c8bacfb8f7e095 /src/transport/gnunet-helper-transport-wlan.c
parent	3b86b5c67188a7a585869d05573c47a4903bbd00 (diff)
download	gnunet-b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de.tar.gz gnunet-b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de.zip

diff --git a/src/transport/gnunet-helper-transport-wlan.c b/src/transport/gnunet-helper-transport-wlan.c index 0bc6d88ff..fcdd9d520 100644 --- a/src/transport/gnunet-helper-transport-wlan.c +++ b/src/transport/gnunet-helper-transport-wlan.c
@@ -1412,12 +1412,6 @@ wlan_initialize (struct HardwareInfos dev, const char iface)
1412	struct stat sbuf;	1412	struct stat sbuf;
1413	int ret;	1413	int ret;
1414		1414
1415	dev->fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
1416	if (0 > dev->fd_raw)
1417	{
1418	fprintf (stderr, "Failed to create raw socket: %s\n", strerror (errno));
1419	return 1;
1420	}
1421	if (dev->fd_raw >= FD_SETSIZE)	1415	if (dev->fd_raw >= FD_SETSIZE)
1422	{	1416	{
1423	fprintf (stderr, "File descriptor too large for select (%d > %d)\n",	1417	fprintf (stderr, "File descriptor too large for select (%d > %d)\n",
@@ -1559,22 +1553,46 @@ main (int argc, char *argv[])
1559	int retval;	1553	int retval;
1560	int stdin_open;	1554	int stdin_open;
1561	struct MessageStreamTokenizer *stdin_mst;	1555	struct MessageStreamTokenizer *stdin_mst;
		1556	int raw_eno;
1562		1557
		1558	dev.fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
		1559	raw_eno = errno; /* remember for later */
		1560	uid = getuid ();
		1561	#ifdef HAVE_SETRESUID
		1562	if (0 != setresuid (uid, uid, uid))
		1563	{
		1564	fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
		1565	if (-1 != dev.fd_raw)
		1566	(void) close (dev.fd_raw);
		1567	return 1;
		1568	}
		1569	#else
		1570	if (0 != (setuid (uid) \| seteuid (uid)))
		1571	{
		1572	fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
		1573	if (-1 != dev.fd_raw)
		1574	(void) close (dev.fd_raw);
		1575	return 1;
		1576	}
		1577	#endif
		1578
		1579	/* now that we've dropped root rights, we can do error checking */
1563	if (2 != argc)	1580	if (2 != argc)
1564	{	1581	{
1565	fprintf (stderr,	1582	fprintf (stderr,
1566	"You must specify the name of the interface as the first and only argument to this program.\n");	1583	"You must specify the name of the interface as the first and only argument to this program.\n");
		1584	if (-1 != dev.fd_raw)
		1585	(void) close (dev.fd_raw);
1567	return 1;	1586	return 1;
1568	}	1587	}
1569	if (0 != wlan_initialize (&dev, argv[1]))	1588
1570	return 1;	1589	if (-1 == dev.fd_raw)
1571	uid = getuid ();
1572	if (0 != setresuid (uid, uid, uid))
1573	{	1590	{
1574	fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));	1591	fprintf (stderr, "Failed to create raw socket: %s\n", strerror (raw_eno));
1575	/* not critical, continue anyway */	1592	return 1;
1576	}	1593	}
1577		1594	if (0 != wlan_initialize (&dev, argv[1]))
		1595	return 1;
1578	dev.write_pout.size = 0;	1596	dev.write_pout.size = 0;
1579	dev.write_pout.pos = 0;	1597	dev.write_pout.pos = 0;
1580	stdin_mst = mst_create (&stdin_send_hw, &dev);	1598	stdin_mst = mst_create (&stdin_send_hw, &dev);
@@ -1705,7 +1723,7 @@ main (int argc, char *argv[])
1705	}	1723	}
1706	/* Error handling, try to clean up a bit at least */	1724	/* Error handling, try to clean up a bit at least */
1707	mst_destroy (stdin_mst);	1725	mst_destroy (stdin_mst);
1708	close (dev.fd_raw);	1726	(void) close (dev.fd_raw);
1709	return 1; /* we never exit 'normally' */	1727	return 1; /* we never exit 'normally' */
1710	}	1728	}
1711		1729