diff options
author | fenner <fenner@FreeBSD.org> | 1996-10-01 23:14:35 +0000 |
---|---|---|
committer | fenner <fenner@FreeBSD.org> | 1996-10-01 23:14:35 +0000 |
commit | f0be48c6af2eaec668865dff86d62e3f008a8ef5 (patch) | |
tree | 5f918dd1d092d1a7ae36f00e49095a8cc8f24101 /usr.sbin/mrouted/mapper.c | |
parent | 7960c9984d0275acf13a0caf86609519bd757f03 (diff) | |
download | FreeBSD-src-f0be48c6af2eaec668865dff86d62e3f008a8ef5.zip FreeBSD-src-f0be48c6af2eaec668865dff86d62e3f008a8ef5.tar.gz |
Release setuid immediately after initializing; this minimizes the
possibility of security holes allowing root penetration.
Inspired by: Mark Handley <M.Handley@cs.ucl.ac.uk> and
Theo de Raadt <deraadt@theos.com> independently
Submitted by: Theo de Raadt <deraadt@theos.com>
Diffstat (limited to 'usr.sbin/mrouted/mapper.c')
-rw-r--r-- | usr.sbin/mrouted/mapper.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/usr.sbin/mrouted/mapper.c b/usr.sbin/mrouted/mapper.c index 1eacd04..076778f 100644 --- a/usr.sbin/mrouted/mapper.c +++ b/usr.sbin/mrouted/mapper.c @@ -1,7 +1,7 @@ /* Mapper for connections between MRouteD multicast routers. * Written by Pavel Curtis <Pavel@PARC.Xerox.Com> * - * $Id: mapper.c,v 3.8 1995/11/29 22:36:57 fenner Rel $ + * $Id: mapper.c,v 1.6 1996/01/06 21:09:53 peter Exp $ */ /* @@ -844,13 +844,16 @@ int main(argc, argv) { int flood = FALSE, graph = FALSE; - setlinebuf(stderr); - if (geteuid() != 0) { - fprintf(stderr, "must be root\n"); + fprintf(stderr, "map-mbone: must be root\n"); exit(1); } + init_igmp(); + setuid(getuid()); + + setlinebuf(stderr); + argv++, argc--; while (argc > 0 && argv[0][0] == '-') { switch (argv[0][1]) { @@ -899,8 +902,6 @@ int main(argc, argv) if (debug) fprintf(stderr, "Debug level %u\n", debug); - init_igmp(); - { /* Find a good local address for us. */ int udp; struct sockaddr_in addr; |