author | Christian Grothoff <christian@grothoff.org> | 2010-02-06 23:23:14 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2010-02-06 23:23:14 +0000 |
commit | 8721bed1d8c889b98020870d5453e6648355b3bd (patch) | |
tree | 98dedbc4d9b19186a83bf9b6ea3f97cce5cb4d43 /src | |
parent | 94229794b52dd866fe7d27ffbed20da18934087d (diff) | |
SUID comments, review
Diffstat (limited to 'src')
-rw-r--r-- | src/transport/Makefile.am | 16 | ||||
-rw-r--r-- | src/transport/gnunet-nat-client.c | 15 | ||||
-rw-r--r-- | src/transport/gnunet-nat-server.c | 15 |
3 files changed, 45 insertions, 1 deletions
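--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -10,6 +10,13 @@ if USE_COVERAGE
 AM_CFLAGS = --coverage -O0
 endif
 
+if LINUX
+NATBIN = gnunet-nat-server gnunet-nat-client
+install-exec-hook:
+chown root $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client || true
+chmod u+s $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client || true
+endif
+
 
 lib_LTLIBRARIES = \
 libgnunettransport.la
@@ -29,7 +36,14 @@ libgnunettransport_la_LDFLAGS = \
 
 bin_PROGRAMS = \
 gnunet-transport \
-gnunet-service-transport
+gnunet-service-transport $(NATBIN)
+
+
+gnunet_nat_server_SOURCES = \
+gnunet-nat-server.c
+
+gnunet_nat_client_SOURCES = \
+gnunet-nat-client.c
 
 
 gnunet_transport_SOURCES = \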
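Review bot: In the `install-exec-hook` of the first hunk, `chmod u+s` runs even when the preceding `chown root` failed, because each command ends in `|| true`. An install by an unprivileged user therefore leaves both helpers setuid to that user, with no message, and they presumably cannot open their RAW sockets. Both paths also omit `$(DESTDIR)`, so a staged install (`make install DESTDIR=...`) would act on whatever already sits in the live `$(bindir)` rather than on the staged files. I would set the bit only after a successful chown and keep the best-effort behaviour visible: `chown root $(DESTDIR)$(bindir)/gnunet-nat-server $(DESTDIR)$(bindir)/gnunet-nat-client && \` followed by `chmod u+s $(DESTDIR)$(bindir)/gnunet-nat-server $(DESTDIR)$(bindir)/gnunet-nat-client || \` and `echo "warning: gnunet-nat-server/-client not installed SUID root"`. A one-line comment above the hook, such as `# NAT helpers need RAW sockets; SUID root is set only when the installer is root`, would tell packagers why the hook exists.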
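--- a/src/transport/gnunet-nat-client.c
+++ b/src/transport/gnunet-nat-client.c
@@ -23,6 +23,21 @@
 * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
 * This code will work under GNU/Linux only.
 * @author Christian Grothoff
+*
+* This program will send ONE ICMP message using RAW sockets
+* to the IP address specified as the second argument. Since
+* it uses RAW sockets, it must be installed SUID or run as 'root'.
+* In order to keep the security risk of the resulting SUID binary
+* minimal, the program ONLY opens the RAW socket with root
+* priviledges, then drops them and only then starts to process
+* command line arguments. The code also does not link against
+* any shared libraries (except libc) and is strictly minimal
+* (except for checking for errors). The following list of people
+* have reviewed this code and considered it safe since the last
+* modification (if you reviewed it, please have your name added
+* to the list):
+*
+* - Christian Grothoff
 */
 #define _GNU_SOURCE
 #include <sys/types.h>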
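Review bot: The reviewer list added to the file header is tied to "the last modification" but does not say which revision each person reviewed, so it goes stale on the next edit with nothing to show it. The matching list in gnunet-nat-server.c has the same problem. I would record the reviewed revision or date beside each name, for example ` * - Christian Grothoff (reviewed 2010-02-06)`. The comment's security claims (RAW socket opened as root, privileges dropped before argument parsing, no shared libraries besides libc) cannot be checked here, because the hunk changes only the comment and the code it describes lies outside it. On wording, `priviledges` should read `privileges` in both files, and the server comment's `every 500 ms RAW sockets` is missing `using`.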
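--- a/src/transport/gnunet-nat-server.c
+++ b/src/transport/gnunet-nat-server.c
@@ -23,6 +23,21 @@
 * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
 * This code will work under GNU/Linux only (or maybe BSDs, but never W32)
 * @author Christian Grothoff
+*
+* This program will send ONE ICMP message every 500 ms RAW sockets
+* to a DUMMY IP address and also listens for ICMP replies. Since
+* it uses RAW sockets, it must be installed SUID or run as 'root'.
+* In order to keep the security risk of the resulting SUID binary
+* minimal, the program ONLY opens the two RAW sockets with root
+* priviledges, then drops them and only then starts to process
+* command line arguments. The code also does not link against
+* any shared libraries (except libc) and is strictly minimal
+* (except for checking for errors). The following list of people
+* have reviewed this code and considered it safe since the last
+* modification (if you reviewed it, please have your name added
+* to the list):
+*
+* - Christian Grothoff
 */
 #define _GNU_SOURCE
 #include <sys/types.h>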