From masafumi@tky007.tth.expo96.ad.jp  Sat Aug 10 23:56:17 1996
Received: from mail.tky007.tth.expo96.ad.jp (tky007.tth.expo96.ad.jp [133.246.32.58])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA17237
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 10 Aug 1996 23:56:15 -0700 (PDT)
Received: (from masafumi@localhost) by mail.tky007.tth.expo96.ad.jp (8.7.5/3.4W4-SMTP) id PAA01509; Sun, 11 Aug 1996 15:55:49 +0900 (JST)
Message-Id: <199608110655.PAA01509@mail.tky007.tth.expo96.ad.jp>
Date: Sun, 11 Aug 1996 15:55:49 +0900 (JST)
From: max@sfc.wide.ad.jp
Reply-To: max@sfc.wide.ad.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: Non-super-users cannot use traceroute
X-Send-Pr-Version: 3.2

>Number:         1489
>Category:       bin
>Synopsis:       Non-super-users cannot use traceroute
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    fenner
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 11 00:00:01 PDT 1996
>Closed-Date:    Tue Aug 13 09:29:15 PDT 1996
>Last-Modified:  Tue Aug 13 09:30:30 PDT 1996
>Originator:     Masafumi NAKANE
>Release:        FreeBSD 2.2-CURRENT i386
>Organization:
>Environment:

	

>Description:

	
	In /usr/src/usr.sbin/traceroute/traceroute.c, setuid(getuid())
is performed before creating the raw socket which is used to send out
UDP packets, and thus non-super-users cannot use the command.

>How-To-Repeat:

	
	As non-super-user:
	% traceroute some.host.domain

>Fix:
	
	
	Either create sndsock much earlier in the program (before
setuid(getuid())), or do setuid(getuid()) later in the program.  Since
it seems the recent modification to the program was meant to make it
more secure by putting setuid(getuid()) earlier in the program to get
rid of the privilege, I suppose the former solution should be taken.
I attach my quick and dirty hack here, as it might be of some use.
     This is a patch to:
Header: /home/ncvs/src/usr.sbin/traceroute/traceroute.c,v 1.6 1996/08/09 06:00:53 fenner Exp

*** traceroute.c.orig	Sat Aug 10 11:08:59 1996
--- traceroute.c	Sun Aug 11 15:28:03 1996
***************
*** 307,312 ****
--- 307,317 ----
  		sockerrno = errno;
  	}
  
+ 	if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
+ 		perror("traceroute: raw socket");
+ 		exit(5);
+ 	}
+ 
  	setuid(getuid());
  
  	oix = optlist;
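Review bot: the failure path in the added block calls perror() and exit(5) before setuid(getuid()) has run, while the context just above it records its failure with `sockerrno = errno;` instead of reporting at once. Consider doing the same for sndsock (save errno, report after the drop) so that no diagnostics or exit handling run with privilege still held. Also, `setuid(getuid());` on the line after the added block is unchecked; now that the raw socket is already open at that point, its return value should be tested and the program should exit if the drop fails.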
***************
*** 475,485 ****
  	if (options & SO_DONTROUTE)
  		(void) setsockopt(s, SOL_SOCKET, SO_DONTROUTE,
  				  (char *)&on, sizeof(on));
- 
- 	if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
- 		perror("traceroute: raw socket");
- 		exit(5);
- 	}
  
  	if (lsrr > 0) {
  	  lsrr++;
--- 480,485 ----
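Review bot: missing documentation at the removal site after the SO_DONTROUTE setsockopt: once this block is gone, nothing here says where sndsock is opened or why. A short comment at the new creation site, stating that the raw socket has to be opened before setuid(getuid()) because it needs privilege, would keep a later cleanup from moving it back below the drop.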
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: fenner 
State-Changed-When: Tue Aug 13 09:29:15 PDT 1996 
State-Changed-Why:  
Fixed in rev 1.7 of traceroute.c 


Responsible-Changed-From-To: freebsd-bugs->fenner 
Responsible-Changed-By: fenner 
Responsible-Changed-When: Tue Aug 13 09:29:15 PDT 1996 
Responsible-Changed-Why:  
fenner wrote the bug 
>Unformatted:
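
The ordering this report asks for, as an added example that is not part of the PR or of traceroute.c: open the raw socket while still privileged, then drop privilege and verify the drop. It goes beyond the patch by checking the setuid() result; open_raw_then_drop() and the PRIV_* codes are hypothetical names.

```c
/* Added example, not traceroute source: privileged open, then a checked drop. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes and helper name, chosen for this example. */
enum { PRIV_OK = 0, PRIV_NO_SOCKET = 1, PRIV_DROP_FAILED = 2 };

/* On PRIV_OK, *sock is an open raw socket and only the real uid/gid remain. */
int open_raw_then_drop(int *sock)
{
	uid_t ruid = getuid();
	gid_t rgid = getgid();

	/* 1. Privileged step while euid is still 0; errors are reported later. */
	*sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
	int saved = errno;

	/* 2. Drop group, then user; an ignored failure would leave root held. */
	int dropped = (setgid(rgid) == 0 && setuid(ruid) == 0);

	/* 3. Confirm the drop is permanent: root must not be regainable. */
	if (dropped && ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
		dropped = 0;

	if (!dropped) {
		if (*sock >= 0)
			close(*sock);
		*sock = -1;
		return PRIV_DROP_FAILED;
	}
	if (*sock < 0) {
		errno = saved;
		return PRIV_NO_SOCKET;
	}
	return PRIV_OK;
}

int main(void)
{
	int s, rc = open_raw_then_drop(&s);
	if (rc == PRIV_NO_SOCKET)
		perror("raw socket");	/* reported after privilege is gone */
	else if (rc == PRIV_DROP_FAILED)
		fprintf(stderr, "privilege drop failed\n");
	return rc;
}
```

Run without privilege, the helper returns PRIV_NO_SOCKET, which is the symptom in this report; installed setuid-root, it returns PRIV_OK with the socket open and root given up.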
