diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-12-22 00:33:34 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-12-22 00:33:34 +0000 |
| commit | 3a9c99b751edf9da7e49c9b2e02bb92e82a4ab92 (patch) | |
| tree | 313e4f720b12a31b31c4bc85da489040ce96f2f5 /sbin/ping6/ping6.c | |
| parent | a9bfe56ebf2b5ce7eeec800b2d2c5c9bb978319e (diff) | |
revoke root privilege earliest possible
Diffstat (limited to 'sbin/ping6/ping6.c')
| -rw-r--r-- | sbin/ping6/ping6.c | 69 |
1 files changed, 40 insertions, 29 deletions
diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c index 99da4f227fb..10c4d6088cb 100644 --- a/sbin/ping6/ping6.c +++ b/sbin/ping6/ping6.c @@ -1,5 +1,5 @@ -/* $OpenBSD: ping6.c,v 1.18 2000/12/02 02:56:50 itojun Exp $ */ -/* $KAME: ping6.c,v 1.105 2000/12/02 02:48:41 itojun Exp $ */ +/* $OpenBSD: ping6.c,v 1.19 2000/12/22 00:33:33 itojun Exp $ */ +/* $KAME: ping6.c,v 1.107 2000/12/22 00:32:44 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -561,6 +561,44 @@ main(argc, argv) (void)memcpy(&dst, res->ai_addr, res->ai_addrlen); + if ((s = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) + err(1, "socket"); + + /* + * let the kerel pass extension headers of incoming packets, + * for privileged socket options + */ + if ((options & F_VERBOSE) != 0) { + int opton = 1; + +#ifdef IPV6_RECVHOPOPTS + if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVHOPOPTS, &opton, + sizeof(opton))) + err(1, "setsockopt(IPV6_RECVHOPOPTS)"); +#else /* old adv. API */ + if (setsockopt(s, IPPROTO_IPV6, IPV6_HOPOPTS, &opton, + sizeof(opton))) + err(1, "setsockopt(IPV6_HOPOPTS)"); +#endif +#ifdef IPV6_RECVDSTOPTS + if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVDSTOPTS, &opton, + sizeof(opton))) + err(1, "setsockopt(IPV6_RECVDSTOPTS)"); +#else /* old adv. API */ + if (setsockopt(s, IPPROTO_IPV6, IPV6_DSTOPTS, &opton, + sizeof(opton))) + err(1, "setsockopt(IPV6_DSTOPTS)"); +#endif +#ifdef IPV6_RECVRTHDRDSTOPTS + if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVRTHDRDSTOPTS, &opton, + sizeof(opton))) + err(1, "setsockopt(IPV6_RECVRTHDRDSTOPTS)"); +#endif + } + + /* revoke root privilege */ + setuid(getuid()); + if (options & F_FLOOD && options & F_INTERVAL) errx(1, "-f and -i incompatible options"); @@ -595,9 +633,6 @@ main(argc, argv) *((u_int32_t *)&nonce[i]) = arc4random(); #endif - if ((s = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0) - err(1, "socket"); - hold = 1; if (options & F_SO_DEBUG) @@ -659,7 +694,6 @@ main(argc, argv) #endif /*ICMP6_FILTER*/ /* let the kerel pass extension headers of incoming packets */ - /* TODO: implement parsing routine */ if ((options & F_VERBOSE) != 0) { int opton = 1; @@ -672,29 +706,6 @@ main(argc, argv) sizeof(opton))) err(1, "setsockopt(IPV6_RTHDR)"); #endif -#ifdef IPV6_RECVHOPOPTS - if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVHOPOPTS, &opton, - sizeof(opton))) - err(1, "setsockopt(IPV6_RECVHOPOPTS)"); -#else /* old adv. API */ - if (setsockopt(s, IPPROTO_IPV6, IPV6_HOPOPTS, &opton, - sizeof(opton))) - err(1, "setsockopt(IPV6_HOPOPTS)"); -#endif -#ifdef IPV6_RECVDSTOPTS - if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVDSTOPTS, &opton, - sizeof(opton))) - err(1, "setsockopt(IPV6_RECVDSTOPTS)"); -#else /* old adv. API */ - if (setsockopt(s, IPPROTO_IPV6, IPV6_DSTOPTS, &opton, - sizeof(opton))) - err(1, "setsockopt(IPV6_DSTOPTS)"); -#endif -#ifdef IPV6_RECVRTHDRDSTOPTS - if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVRTHDRDSTOPTS, &opton, - sizeof(opton))) - err(1, "setsockopt(IPV6_RECVRTHDRDSTOPTS)"); -#endif } /* |