[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-inetutils] traceroute -- permissions, setuids, etc..
From: |
Debarshi Ray |
Subject: |
Re: [bug-inetutils] traceroute -- permissions, setuids, etc.. |
Date: |
Fri, 18 Apr 2008 17:48:54 +0530 |
> If you are sure that it will work, feel free to do so. But I recall
> that there are some switches or something that requires root privs for
> traceroute.
As far as I tested this patch takes care of all possible scenarios:
diff -urNp inetutils/traceroute/traceroute.c
inetutils-build/traceroute/traceroute.c
--- inetutils/traceroute/traceroute.c 2008-04-17 20:28:51.000000000 +0530
+++ inetutils-build/traceroute/traceroute.c 2008-04-18 16:49:11.000000000
+0530
@@ -68,6 +68,7 @@ int pid = 0;
struct hostent *host;
struct sockaddr_in dest;
+static enum trace_type opt_type = TRACE_ICMP;
int opt_port = 33434;
int opt_max_hops = 64;
static int opt_max_tries = 3;
@@ -90,6 +91,7 @@ static struct argp_option argp_options[]
{"resolve-hostnames", OPT_RESOLVE, NULL, 0, "Resolve hostnames", GRP+1},
{"tries", 'q', "NUM", 0, "Send NUM probe packets per hop (default: 3)",
GRP+1},
+ {"type", 'M', "METHOD", 0, "Use METHOD for traceroute operations", GRP+1},
#undef GRP
{NULL}
};
@@ -120,6 +122,17 @@ parse_opt (int key, char *arg, struct ar
error (EXIT_FAILURE, 0, "number of tries should be between 1 and 10");
break;
+ case 'M':
+ if (strcmp (arg, "icmp") == 0)
+ opt_type = TRACE_ICMP;
+ else if (strcmp (arg, "udp") == 0)
+ opt_type = TRACE_UDP;
+ else if (strcmp (arg, "1393") == 0)
+ opt_type = TRACE_1393;
+ else
+ error (EXIT_FAILURE, 0, "method should be one of `icmp',
`udp' or `1393'");
+ break;
+
case ARGP_KEY_ARG:
host_is_given = true;
host = gethostbyname (arg);
@@ -149,7 +162,7 @@ main (int argc, char **argv)
/* Parse command line */
argp_parse (&argp, argc, argv, 0, NULL, NULL);
- if (getuid () != 0)
+ if (geteuid () != 0)
error (EXIT_FAILURE, EPERM, "insufficient permissions");
dest.sin_addr = *(struct in_addr *) host->h_addr;
@@ -159,7 +172,7 @@ main (int argc, char **argv)
printf ("traceroute to %s (%s), %d hops max\n",
host->h_name, inet_ntoa (dest.sin_addr), opt_max_hops);
- trace_init (&trace, dest, TRACE_ICMP);
+ trace_init (&trace, dest, opt_type);
int hop = 1;
while (!stop)
Here is how it is now, with a setuid root binary:
address@hidden bin]$ ls -l traceroute
-rwsrwxr-x 1 root root 33804 Apr 18 17:38 traceroute
address@hidden bin]$ ./traceroute gnu.org
./traceroute: insufficient permissions: Operation not permitted
Here is what we get after applying the patch, with a setuid root binary:
address@hidden bin]$ ls -l traceroute
-rwsrwxr-x 1 root root 33805 Apr 18 17:42 traceroute
address@hidden bin]$ ./traceroute gnu.org
traceroute to gnu.org (199.232.41.10), 64 hops max
1 125.19.66.33 (125.19.66.33) 0.875ms 0.445ms 0.473ms
2 125.19.65.13 (125.19.65.13) 21.581ms 18.955ms 19.004ms
3 125.21.167.74 (125.21.167.74) 81.880ms 78.050ms 77.925ms
4 4.78.198.13 (4.78.198.13) 289.551ms 289.798ms
[...]
address@hidden bin]$ ./traceroute -M icmp gnu.org
traceroute to gnu.org (199.232.41.10), 64 hops max
1 125.19.66.33 (125.19.66.33) 39.373ms 4.437ms 0.478ms
2 125.19.65.13 (125.19.65.13) 19.200ms 18.959ms 20.457ms
3 125.21.167.74 (125.21.167.74) 81.548ms 77.674ms 79.051ms
4 4.78.198.13 (4.78.198.13) 297.801ms 290.923ms 290.038ms
[...]
address@hidden bin]$ ./traceroute -M udp gnu.org
traceroute to gnu.org (199.232.41.10), 64 hops max
1 125.19.66.33 (125.19.66.33) 0.867ms 0.436ms 0.354ms
2 125.19.65.13 (125.19.65.13) 19.069ms 18.960ms 23.076ms
3 125.21.167.74 (125.21.167.74) 79.041ms 77.792ms 77.804ms
4 4.78.198.13 (4.78.198.13) 289.924ms 289.911ms
Here is what we get after applying the patch, with a non-setuid binary:
address@hidden inetutils-20080418]$ ls -l traceroute/traceroute
-rwxrwxr-x 1 boni boni 33805 Apr 18 17:41 traceroute/traceroute
address@hidden inetutils-20080418]$ traceroute/traceroute gnu.org
traceroute/traceroute: insufficient permissions: Operation not permitted
Happy hacking,
Debarshi
--
"From what we get, we can make a living; what we give, however, makes a life."
-- Arthur Ashe
- [bug-inetutils] traceroute -- permissions, setuids, etc.., Debarshi Ray, 2008/04/17
- Re: [bug-inetutils] traceroute -- permissions, setuids, etc.., Alfred M. Szmidt, 2008/04/18
- Re: [bug-inetutils] traceroute -- permissions, setuids, etc..,
Debarshi Ray <=
- Re: [bug-inetutils] traceroute -- permissions, setuids, etc.., Alfred M. Szmidt, 2008/04/18
- Re: [bug-inetutils] traceroute -- permissions, setuids, etc.., Debarshi Ray, 2008/04/18
- Re: [bug-inetutils] traceroute -- permissions, setuids, etc.., Debarshi Ray, 2008/04/18
- Re: [bug-inetutils] traceroute -- permissions, setuids, etc.., Alfred M. Szmidt, 2008/04/19