|
|
cbbe2b |
diff -rup iputils-s20121221/clockdiff.c iputils-s20121221-new/clockdiff.c
|
|
|
cbbe2b |
--- iputils-s20121221/clockdiff.c 2012-12-21 15:01:07.000000000 +0100
|
|
|
cbbe2b |
+++ iputils-s20121221-new/clockdiff.c 2015-03-23 10:17:29.190895413 +0100
|
|
|
cbbe2b |
@@ -21,6 +21,7 @@
|
|
|
cbbe2b |
#include <errno.h>
|
|
|
cbbe2b |
#include <linux/types.h>
|
|
|
cbbe2b |
#ifdef CAPABILITIES
|
|
|
cbbe2b |
+#include <sys/prctl.h>
|
|
|
cbbe2b |
#include <sys/capability.h>
|
|
|
cbbe2b |
#endif
|
|
|
cbbe2b |
|
|
|
cbbe2b |
@@ -534,12 +535,51 @@ usage() {
|
|
|
cbbe2b |
|
|
|
cbbe2b |
void drop_rights(void) {
|
|
|
cbbe2b |
#ifdef CAPABILITIES
|
|
|
cbbe2b |
- cap_t caps = cap_init();
|
|
|
cbbe2b |
- if (cap_set_proc(caps)) {
|
|
|
cbbe2b |
- perror("clockdiff: cap_set_proc");
|
|
|
cbbe2b |
+ cap_t cap_cur_p;
|
|
|
cbbe2b |
+ cap_t cap_p;
|
|
|
cbbe2b |
+ cap_value_t cap_raw = CAP_NET_RAW;
|
|
|
cbbe2b |
+ cap_flag_value_t cap_ok;
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ cap_cur_p = cap_get_proc();
|
|
|
cbbe2b |
+ if (!cap_cur_p) {
|
|
|
cbbe2b |
+ perror("ping: cap_get_proc");
|
|
|
cbbe2b |
exit(-1);
|
|
|
cbbe2b |
}
|
|
|
cbbe2b |
- cap_free(caps);
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ cap_p = cap_init();
|
|
|
cbbe2b |
+ if (!cap_p) {
|
|
|
cbbe2b |
+ perror("ping: cap_init");
|
|
|
cbbe2b |
+ exit(-1);
|
|
|
cbbe2b |
+ }
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ cap_ok = CAP_CLEAR;
|
|
|
cbbe2b |
+ cap_get_flag(cap_cur_p, CAP_NET_RAW, CAP_PERMITTED, &cap_ok);
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ if (cap_ok != CAP_CLEAR)
|
|
|
cbbe2b |
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_raw, CAP_SET);
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ if (cap_set_proc(cap_p) < 0) {
|
|
|
cbbe2b |
+ perror("ping: cap_set_proc");
|
|
|
cbbe2b |
+ exit(-1);
|
|
|
cbbe2b |
+ }
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
|
|
|
cbbe2b |
+ perror("ping: prctl");
|
|
|
cbbe2b |
+ exit(-1);
|
|
|
cbbe2b |
+ }
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ if (setuid(getuid()) < 0) {
|
|
|
cbbe2b |
+ perror("setuid");
|
|
|
cbbe2b |
+ exit(-1);
|
|
|
cbbe2b |
+ }
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ if (prctl(PR_SET_KEEPCAPS, 0) < 0) {
|
|
|
cbbe2b |
+ perror("ping: prctl");
|
|
|
cbbe2b |
+ exit(-1);
|
|
|
cbbe2b |
+ }
|
|
|
cbbe2b |
+
|
|
|
cbbe2b |
+ cap_free(cap_p);
|
|
|
cbbe2b |
+ cap_free(cap_cur_p);
|
|
|
cbbe2b |
#endif
|
|
|
cbbe2b |
if (setuid(getuid())) {
|
|
|
cbbe2b |
perror("clockdiff: setuid");
|