bug-inetutils

Re: [bug-inetutils] traceroute -- permissions, setuids, etc..


From: Debarshi Ray
Subject: Re: [bug-inetutils] traceroute -- permissions, setuids, etc..
Date: Fri, 18 Apr 2008 17:48:54 +0530

> If you are sure that it will work, feel free to do so. But I recall
>  that there are some switches or something that requires root privs for
>  traceroute.

As far as I tested, this patch takes care of all possible scenarios:

diff -urNp inetutils/traceroute/traceroute.c
inetutils-build/traceroute/traceroute.c
--- inetutils/traceroute/traceroute.c   2008-04-17 20:28:51.000000000 +0530
+++ inetutils-build/traceroute/traceroute.c     2008-04-18 16:49:11.000000000 
+0530
@@ -68,6 +68,7 @@ int pid = 0;
 struct hostent *host;
 struct sockaddr_in dest;

+static enum trace_type opt_type = TRACE_ICMP;
 int opt_port = 33434;
 int opt_max_hops = 64;
 static int opt_max_tries = 3;
@@ -90,6 +91,7 @@ static struct argp_option argp_options[]
   {"resolve-hostnames", OPT_RESOLVE, NULL, 0, "Resolve hostnames", GRP+1},
   {"tries", 'q', "NUM", 0, "Send NUM probe packets per hop (default: 3)",
    GRP+1},
+  {"type", 'M', "METHOD", 0, "Use METHOD for traceroute operations", GRP+1},
 #undef GRP
   {NULL}
 };
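Review bot: The help string for the new "type" / 'M' entry does not say which METHOD values are accepted or which one is the default. parse_opt accepts only icmp, udp and 1393, and opt_type starts out as TRACE_ICMP, so the text could list those three and note "default: icmp", in the same style as the "(default: 3)" on the "tries" entry just above.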
@@ -120,6 +122,17 @@ parse_opt (int key, char *arg, struct ar
         error (EXIT_FAILURE, 0, "number of tries should be between 1 and 10");
       break;

+    case 'M':
+      if (strcmp (arg, "icmp") == 0)
+        opt_type = TRACE_ICMP;
+      else if (strcmp (arg, "udp") == 0)
+        opt_type = TRACE_UDP;
+      else if (strcmp (arg, "1393") == 0)
+        opt_type = TRACE_1393;
+      else
+        error (EXIT_FAILURE, 0, "method should be one of `icmp',
`udp' or `1393'");
+      break;
+
     case ARGP_KEY_ARG:
       host_is_given = true;
       host = gethostbyname (arg);
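Review bot: The string literal in the last error () call of case 'M' is split across two lines as posted, so the patch will not apply or compile in this form. The diff command line and the +++ header are wrapped the same way, which points at mail line wrapping; please resend as an attachment or with wrapping turned off.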
@@ -149,7 +162,7 @@ main (int argc, char **argv)
   /* Parse command line */
   argp_parse (&argp, argc, argv, 0, NULL, NULL);

-  if (getuid () != 0)
+  if (geteuid () != 0)
     error (EXIT_FAILURE, EPERM, "insufficient permissions");

   dest.sin_addr = *(struct in_addr *) host->h_addr;
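Review bot: With the check changed to geteuid (), a setuid-root install becomes the supported way to run, but the check still sits after argp_parse, so all option handling, including the gethostbyname (arg) lookup under ARGP_KEY_ARG, runs with effective uid 0 on behalf of an unprivileged caller, and nothing in the lines shown gives that privilege up afterwards. Suggest creating the raw socket as early as possible and then calling setuid (getuid ()), checking its return value, so that name resolution and the probe loop run without root.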
@@ -159,7 +172,7 @@ main (int argc, char **argv)
   printf ("traceroute to %s (%s), %d hops max\n",
          host->h_name, inet_ntoa (dest.sin_addr), opt_max_hops);

-  trace_init (&trace, dest, TRACE_ICMP);
+  trace_init (&trace, dest, opt_type);

   int hop = 1;
   while (!stop)
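Review bot: opt_type can now reach trace_init as TRACE_1393, but the runs shown in this mail cover only the default, -M icmp and -M udp. Please include a -M 1393 run, or leave that value out of parse_opt until it has been tested. The "traceroute to ..." banner printed just above could also name the method in use now that it is selectable.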


Here is how it is now, with a setuid root binary:
address@hidden bin]$ ls -l traceroute
-rwsrwxr-x  1 root root 33804 Apr 18 17:38 traceroute
address@hidden bin]$ ./traceroute gnu.org
./traceroute: insufficient permissions: Operation not permitted

Here is what we get after applying the patch, with a setuid root binary:
address@hidden bin]$ ls -l traceroute
-rwsrwxr-x  1 root root 33805 Apr 18 17:42 traceroute
address@hidden bin]$ ./traceroute gnu.org
traceroute to gnu.org (199.232.41.10), 64 hops max
 1   125.19.66.33 (125.19.66.33) 0.875ms 0.445ms 0.473ms
 2   125.19.65.13 (125.19.65.13) 21.581ms 18.955ms 19.004ms
 3   125.21.167.74 (125.21.167.74) 81.880ms 78.050ms 77.925ms
 4   4.78.198.13 (4.78.198.13) 289.551ms 289.798ms
[...]
address@hidden bin]$ ./traceroute -M icmp  gnu.org
traceroute to gnu.org (199.232.41.10), 64 hops max
 1   125.19.66.33 (125.19.66.33) 39.373ms 4.437ms 0.478ms
 2   125.19.65.13 (125.19.65.13) 19.200ms 18.959ms 20.457ms
 3   125.21.167.74 (125.21.167.74) 81.548ms 77.674ms 79.051ms
 4   4.78.198.13 (4.78.198.13) 297.801ms 290.923ms 290.038ms
[...]
address@hidden bin]$ ./traceroute -M udp gnu.org
traceroute to gnu.org (199.232.41.10), 64 hops max
 1   125.19.66.33 (125.19.66.33) 0.867ms 0.436ms 0.354ms
 2   125.19.65.13 (125.19.65.13) 19.069ms 18.960ms 23.076ms
 3   125.21.167.74 (125.21.167.74) 79.041ms 77.792ms 77.804ms
 4   4.78.198.13 (4.78.198.13) 289.924ms 289.911ms

Here is what we get after applying the patch, with a non-setuid binary:
address@hidden inetutils-20080418]$ ls -l traceroute/traceroute
-rwxrwxr-x  1 boni boni 33805 Apr 18 17:41 traceroute/traceroute
address@hidden inetutils-20080418]$ traceroute/traceroute gnu.org
traceroute/traceroute: insufficient permissions: Operation not permitted

Happy hacking,
Debarshi
-- 
"From what we get, we can make a living; what we give, however, makes a life."
    -- Arthur Ashe



