remove SUID and add CAP_NET_RAW instead on Fedora 15 and newer (rhbz#646466)

allow -f option for non-root on Fedora 15 and newer
remove read permissions on binaries for Fedora 14 and older
epel9
Chuck Anderson 14 years ago
parent df418b7209
commit 29242ef7a2

@ -0,0 +1,64 @@
diff -up fping-2.4b2_to-ipv6/fping.8.capnetraw fping-2.4b2_to-ipv6/fping.8
--- fping-2.4b2_to-ipv6/fping.8.capnetraw 2002-01-20 20:05:48.000000000 -0500
+++ fping-2.4b2_to-ipv6/fping.8 2011-09-04 16:14:03.782482153 -0400
@@ -88,10 +88,7 @@ fping a list of IP addresses as input an
.IP \fB-e\fR 5
Show elapsed (round-trip) time of packets.
.IP \fB-f\fR 5
-Read list of targets from a file. This option can only be used by the
-root user. Regular users should pipe in the file via stdin:
-
-% fping < targets_file
+Read list of targets from a file.
.IP \fB-g\fR 5
Generate a target list from a supplied IP netmask, or a starting and ending IP.
@@ -203,11 +200,9 @@ command line arguments, and 4 for a syst
Ha! If we knew of any we would have fixed them!
.SH RESTRICTIONS
If certain options are used (i.e, a low value for -i and -t, and a
-high value for -r) it is possible to flood the network. This program
-must be installed as setuid root in order to open up a raw socket,
-or must be run by root. In order to stop mere mortals from hosing the
-network (when fping is installed setuid root) , normal users can't specify
-the following:
+high value for -r) it is possible to flood the network. In order to
+stop mere mortals from hosing the network (when fping is installed
+setuid root), normal users can't specify the following:
.nf
-i n where n < 10 msec
diff -up fping-2.4b2_to-ipv6/fping.c.capnetraw fping-2.4b2_to-ipv6/fping.c
--- fping-2.4b2_to-ipv6/fping.c.capnetraw 2011-09-04 15:06:08.800668963 -0400
+++ fping-2.4b2_to-ipv6/fping.c 2011-09-04 15:11:15.256781273 -0400
@@ -410,17 +410,6 @@ int main( int argc, char **argv )
int advance;
struct protoent *proto;
char *buf;
- uid_t uid;
- /* check if we are root */
-
- if( geteuid() )
- {
- fprintf( stderr,
- "This program can only be run by root, or it must be setuid root.\n" );
-
- exit( 3 );
-
- }/* IF */
/* confirm that ICMP is available on this machine */
#ifndef IPV6
@@ -508,12 +497,6 @@ int main( int argc, char **argv )
#endif
#endif
- if( ( uid = getuid() ) )
- {
- seteuid( getuid() );
-
- }/* IF */
-
prog = argv[0];
ident = getpid() & 0xFFFF;
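Review bot: Once the `seteuid( getuid() )` block is removed in the second fping.c hunk, nothing in this patch gives up CAP_NET_RAW, so a binary installed with `cap_net_raw=ep` keeps the capability in its effective and permitted sets for the whole run. That includes option parsing and reading the target file that `-f` now accepts from unprivileged users. The removed call was the setuid build's privilege drop, presumably placed after the raw socket is opened (the socket call is outside the hunk, as is the rest of `main`). The capability build should have an equivalent step there that clears the process's capability sets once the socket exists. At minimum, leave a marker at the removal site such as `/* TODO: drop CAP_NET_RAW here, the raw socket is already open */`. Separately, the RESTRICTIONS text kept in fping.8 still reads "(when fping is installed setuid root)", which no longer describes this build.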

@ -1,6 +1,12 @@
%if 0%{?fedora} < 15
%global use_capnetraw 0
%else
%global use_capnetraw 1
%endif
Name: fping Name: fping
Version: 2.4b2 Version: 2.4b2
Release: 11%{?dist} Release: 12%{?dist}
Summary: Scriptable, parallelized ping-like utility Summary: Scriptable, parallelized ping-like utility
Group: Applications/Internet Group: Applications/Internet
License: BSD with advertising License: BSD with advertising
@ -9,6 +15,7 @@ URL: http://www.fping.com/
# Source0: http://www.fping.com/download/%{name}-%{version}_to-ipv6.tar.gz # Source0: http://www.fping.com/download/%{name}-%{version}_to-ipv6.tar.gz
Source0: %{name}-%{version}_to-ipv6.tar.gz Source0: %{name}-%{version}_to-ipv6.tar.gz
Patch0: fping-2.4b2_ipv6-fix.diff Patch0: fping-2.4b2_ipv6-fix.diff
Patch1: fping-2.4b2_to-ipv6-capnetraw.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description %description
@ -20,14 +27,17 @@ use in scripting in mind.
%prep %prep
%setup -q -n %{name}-%{version}_to-ipv6 %setup -q -n %{name}-%{version}_to-ipv6
%patch0 -p1 -b .ipv6 %patch0 -p1 -b .ipv6
%if 0%{?use_capnetraw}
%patch1 -p1 -b .capnetraw
%endif
%build %build
%configure %configure
make CFLAGS="-DIPV6 $RPM_OPT_FLAGS" make CFLAGS="-DIPV6 %{?use_capnetraw:-DENABLE_F_OPTION} $RPM_OPT_FLAGS"
mv fping fping6 mv fping fping6
make clean make clean
make CFLAGS="$RPM_OPT_FLAGS" make CFLAGS="%{?use_capnetraw:-DENABLE_F_OPTION} $RPM_OPT_FLAGS"
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -40,11 +50,21 @@ rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc ChangeLog COPYING README %doc ChangeLog COPYING README
%attr(4755,root,root) %{_sbindir}/fping %if 0%{?use_capnetraw}
%attr(4755,root,root) %{_sbindir}/fping6 %attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/fping
%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/fping6
%else
%attr(4711,root,root) %{_sbindir}/fping
%attr(4711,root,root) %{_sbindir}/fping6
%endif
%{_mandir}/man8/* %{_mandir}/man8/*
%changelog %changelog
* Sun Sep 04 2011 Charles R. Anderson <cra@wpi.edu> - 2.4b2-12
- remove SUID and add CAP_NET_RAW instead on Fedora 15 and newer (rhbz#646466)
- allow -f option for non-root on Fedora 15 and newer
- remove read permissions on binaries for Fedora 14 and older
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4b2-11 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4b2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
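Review bot: `%{?use_capnetraw:-DENABLE_F_OPTION}` in both `make` lines expands whenever the macro is defined, not only when it is non-zero, and the header defines it as 0 on Fedora older than 15. The setuid-root (4711) binaries in the `%else` branch of `%files` are therefore also built with `-DENABLE_F_OPTION`, which contradicts the changelog entry limiting `-f` for non-root to Fedora 15 and newer. Either define the macro only on the capability path (`%if 0%{?fedora} >= 15`, `%global use_capnetraw 1`, `%endif`, with no `%else`), or guard the flag with the same `%if 0%{?use_capnetraw}` test used for `%patch1` and `%files`. Also, `0%{?fedora} < 15` is true wherever `%{fedora}` is undefined, so non-Fedora builds fall back to the setuid path; worth confirming that is intended.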
