diff --git a/fping-2.4b2_to-ipv6-capnetraw.patch b/fping-2.4b2_to-ipv6-capnetraw.patch new file mode 100644 index 0000000..44d4fb6 --- /dev/null +++ b/fping-2.4b2_to-ipv6-capnetraw.patch @@ -0,0 +1,64 @@ +diff -up fping-2.4b2_to-ipv6/fping.8.capnetraw fping-2.4b2_to-ipv6/fping.8 +--- fping-2.4b2_to-ipv6/fping.8.capnetraw 2002-01-20 20:05:48.000000000 -0500 ++++ fping-2.4b2_to-ipv6/fping.8 2011-09-04 16:14:03.782482153 -0400 +@@ -88,10 +88,7 @@ fping a list of IP addresses as input an + .IP \fB-e\fR 5 + Show elapsed (round-trip) time of packets. + .IP \fB-f\fR 5 +-Read list of targets from a file. This option can only be used by the +-root user. Regular users should pipe in the file via stdin: +- +-% fping < targets_file ++Read list of targets from a file. + + .IP \fB-g\fR 5 + Generate a target list from a supplied IP netmask, or a starting and ending IP. +@@ -203,11 +200,9 @@ command line arguments, and 4 for a syst + Ha! If we knew of any we would have fixed them! + .SH RESTRICTIONS + If certain options are used (i.e, a low value for -i and -t, and a +-high value for -r) it is possible to flood the network. This program +-must be installed as setuid root in order to open up a raw socket, +-or must be run by root. In order to stop mere mortals from hosing the +-network (when fping is installed setuid root) , normal users can't specify +-the following: ++high value for -r) it is possible to flood the network. In order to ++stop mere mortals from hosing the network (when fping is installed ++setuid root), normal users can't specify the following: + .nf + + -i n where n < 10 msec +diff -up fping-2.4b2_to-ipv6/fping.c.capnetraw fping-2.4b2_to-ipv6/fping.c +--- fping-2.4b2_to-ipv6/fping.c.capnetraw 2011-09-04 15:06:08.800668963 -0400 ++++ fping-2.4b2_to-ipv6/fping.c 2011-09-04 15:11:15.256781273 -0400 +@@ -410,17 +410,6 @@ int main( int argc, char **argv ) + int advance; + struct protoent *proto; + char *buf; +- uid_t uid; +- /* check if we are root */ +- +- if( geteuid() ) +- { +- fprintf( stderr, +- "This program can only be run by root, or it must be setuid root.\n" ); +- +- exit( 3 ); +- +- }/* IF */ + + /* confirm that ICMP is available on this machine */ + #ifndef IPV6 +@@ -508,12 +497,6 @@ int main( int argc, char **argv ) + #endif + #endif + +- if( ( uid = getuid() ) ) +- { +- seteuid( getuid() ); +- +- }/* IF */ +- + prog = argv[0]; + ident = getpid() & 0xFFFF; + diff --git a/fping.spec b/fping.spec index 3fe4b28..9bd5edd 100644 --- a/fping.spec +++ b/fping.spec @@ -1,6 +1,12 @@ +%if 0%{?fedora} < 15 +%global use_capnetraw 0 +%else +%global use_capnetraw 1 +%endif + Name: fping Version: 2.4b2 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Scriptable, parallelized ping-like utility Group: Applications/Internet License: BSD with advertising @@ -9,6 +15,7 @@ URL: http://www.fping.com/ # Source0: http://www.fping.com/download/%{name}-%{version}_to-ipv6.tar.gz Source0: %{name}-%{version}_to-ipv6.tar.gz Patch0: fping-2.4b2_ipv6-fix.diff +Patch1: fping-2.4b2_to-ipv6-capnetraw.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %description @@ -20,14 +27,17 @@ use in scripting in mind. %prep %setup -q -n %{name}-%{version}_to-ipv6 %patch0 -p1 -b .ipv6 +%if 0%{?use_capnetraw} +%patch1 -p1 -b .capnetraw +%endif %build %configure -make CFLAGS="-DIPV6 $RPM_OPT_FLAGS" +make CFLAGS="-DIPV6 %{?use_capnetraw:-DENABLE_F_OPTION} $RPM_OPT_FLAGS" mv fping fping6 make clean -make CFLAGS="$RPM_OPT_FLAGS" +make CFLAGS="%{?use_capnetraw:-DENABLE_F_OPTION} $RPM_OPT_FLAGS" %install rm -rf $RPM_BUILD_ROOT @@ -40,11 +50,21 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %doc ChangeLog COPYING README -%attr(4755,root,root) %{_sbindir}/fping -%attr(4755,root,root) %{_sbindir}/fping6 +%if 0%{?use_capnetraw} +%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/fping +%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/fping6 +%else +%attr(4711,root,root) %{_sbindir}/fping +%attr(4711,root,root) %{_sbindir}/fping6 +%endif %{_mandir}/man8/* %changelog +* Sun Sep 04 2011 Charles R. Anderson - 2.4b2-12 +- remove SUID and add CAP_NET_RAW instead on Fedora 15 and newer (rhbz#646466) +- allow -f option for non-root on Fedora 15 and newer +- remove read permissions on binaries for Fedora 14 and older + * Tue Feb 08 2011 Fedora Release Engineering - 2.4b2-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild