Date: Tue, 2 Oct 2012 21:21:58 GMT From: Erik Cederstrand <erik@cederstrand.dk> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/172289: Check return value of setuid() Message-ID: <201210022121.q92LLwMn018106@red.freebsd.org> Resent-Message-ID: <201210022130.q92LUBJp027050@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 172289 >Category: bin >Synopsis: Check return value of setuid() >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Oct 02 21:30:10 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Erik Cederstrand >Release: CURRENT >Organization: >Environment: >Description: When dropping root privileges, ping doesn't check the return value of setuid(). If setuid() fails, which it can do for a number of reasons, root privileges are not dropped. This is a privilege escalation. >How-To-Repeat: >Fix: Check return value of setuid and abort if it fails. Patch attached with submission follows: Index: ping.c =================================================================== --- ping.c (revision 240960) +++ ping.c (working copy) @@ -255,7 +255,8 @@ s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); sockerrno = errno; - setuid(getuid()); + if (setuid(getuid()) != 0) + err(EX_NOPERM, "setuid() failed"); uid = getuid(); alarmtimeout = df = preload = tos = 0; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210022121.q92LLwMn018106>