author | Christian Grothoff <christian@grothoff.org> | 2011-12-16 22:18:10 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-12-16 22:18:10 +0000 |
commit | b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de (patch) | |
tree | ee0c091bbea2b20cec228d2488c8bacfb8f7e095 /src/transport/gnunet-helper-transport-wlan.c | |
parent | 3b86b5c67188a7a585869d05573c47a4903bbd00 (diff) | |
download | gnunet-b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de.tar.gz gnunet-b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de.zip |
-also minimizing SUID code here
Diffstat (limited to 'src/transport/gnunet-helper-transport-wlan.c')
-rw-r--r-- | src/transport/gnunet-helper-transport-wlan.c | 46 |
1 files changed, 32 insertions, 14 deletions
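--- a/src/transport/gnunet-helper-transport-wlan.c
+++ b/src/transport/gnunet-helper-transport-wlan.c
@@ -1412,12 +1412,6 @@ wlan_initialize (struct HardwareInfos *dev, const char *iface)
 struct stat sbuf;
 int ret;
 
-dev->fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
-if (0 > dev->fd_raw)
-{
-fprintf (stderr, "Failed to create raw socket: %s\n", strerror (errno));
-return 1;
-}
 if (dev->fd_raw >= FD_SETSIZE)
 {
 fprintf (stderr, "File descriptor too large for select (%d > %d)\n",
@@ -1559,22 +1553,46 @@ main (int argc, char *argv[])
 int retval;
 int stdin_open;
 struct MessageStreamTokenizer *stdin_mst;
+int raw_eno;
 
+dev.fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
+raw_eno = errno; /* remember for later */
+uid = getuid ();
+#ifdef HAVE_SETRESUID
+if (0 != setresuid (uid, uid, uid))
+{
+fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+if (-1 != dev.fd_raw)
+(void) close (dev.fd_raw);
+return 1;
+}
+#else
+if (0 != (setuid (uid) | seteuid (uid)))
+{
+fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+if (-1 != dev.fd_raw)
+(void) close (dev.fd_raw);
+return 1;
+}
+#endif
+
+/* now that we've dropped root rights, we can do error checking */
 if (2 != argc)
 {
 fprintf (stderr,
 "You must specify the name of the interface as the first and only argument to this program.\n");
+if (-1 != dev.fd_raw)
+(void) close (dev.fd_raw);
 return 1;
 }
-if (0 != wlan_initialize (&dev, argv[1]))
-return 1;
-uid = getuid ();
-if (0 != setresuid (uid, uid, uid))
+
+if (-1 == dev.fd_raw)
 {
-fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
-/* not critical, continue anyway */
+fprintf (stderr, "Failed to create raw socket: %s\n", strerror (raw_eno));
+return 1;
 }
-
+if (0 != wlan_initialize (&dev, argv[1]))
+return 1;
 dev.write_pout.size = 0;
 dev.write_pout.pos = 0;
 stdin_mst = mst_create (&stdin_send_hw, &dev);
@@ -1705,7 +1723,7 @@ main (int argc, char *argv[])
 }
 /* Error handling, try to clean up a bit at least */
 mst_destroy (stdin_mst);
-(void) close (dev.fd_raw);
+close (dev.fd_raw);
 return 1; /* we never exit 'normally' */
 }
 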
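Review bot: The privilege drop at the top of main() is never verified as irreversible, and the `#else` fallback `setuid (uid) | seteuid (uid)` is where that matters most. There, setuid() only clears the saved set-user-ID when the effective UID is root at the time of the call, which nothing in the hunk checks. Following CERT POS37-C, I would add a check right after the `#endif`: `if ((0 != uid) && (0 == setuid (0)))`, followed by the same close-and-`return 1` sequence the two failure branches already use. Only user IDs are changed here; if the helper were ever installed setgid or granted file capabilities (not visible from this page), those would survive the drop, so a comment stating the expected install mode above the `socket ()` call would help. The rest of main(), including the select loop, lies outside the shown hunks.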