From e66389751274efdfc8e7daef7fd02e0e6cef154a Mon Sep 17 00:00:00 2001 From: richard Date: Sat, 18 Mar 2000 13:07:45 +0000 Subject: [PATCH] Security fix. git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@6321 72102866-910b-0410-8b05-ffd578937521 --- ChangeLog | 6 ++++++ Tools/gdomap.c | 14 +++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index da913ac90..fb911ff92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2000-03-18 Richard Frith-Macdonald + + * Tools/gdomap.c: Become an unpriveliged user after binding to + port 538 (for which we need to be root). This should relieve + some security considerations. + 2000-03-18 Richard Frith-Macdonald * Source/NSNumber.m: Added private methods from concrete class. diff --git a/Tools/gdomap.c b/Tools/gdomap.c index b2a8ea2ad..34522ef89 100644 --- a/Tools/gdomap.c +++ b/Tools/gdomap.c @@ -1173,6 +1173,19 @@ init_ports() exit(1); } + /* + * Try to become a 'safe' user now that we have + * done everything that needs root priv. + */ + if (getuid () != 0) + { + setuid (getuid ()); + } + else + { + setuid (-1); + } + /* * Set up masks to say we are interested in these descriptors. */ @@ -2984,7 +2997,6 @@ main(int argc, char** argv) printf(" tcp_foreign, udp_foreign.\n"); printf("-U name unregister name locally then quit.\n"); printf("-a file use config file for interface list.\n"); - printf("-p disable udp broadcast for probe\n"); printf("-c file use config file for probe.\n"); printf("-d extra debug logging.\n"); printf("-f avoid fork() to make debugging easy\n");