Kernel+ping: Only allow superuser to create SOCK_RAW sockets

/bin/ping is now setuid-root, and will drop privileges immediately after opening a raw socket.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/3f254bfbc8e
2025-01-06 02:55:49 +03:00 · 2019-12-31 01:42:34 +01:00 · 2019-12-31 01:42:34 +01:00 · 3f254bfbc8 · 2024-07-19 10:31:30 +09:00
commit 3f254bfbc8
parent 5c918d0e71
3 changed files with 8 additions and 0 deletions
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -2609,6 +2609,8 @@ size_t Process::amount_purgeable_nonvolatile() const

 int Process::sys$socket(int domain, int type, int protocol)
 {
+    if ((type & SOCK_TYPE_MASK) == SOCK_RAW && !is_superuser())
+        return -EACCES;
    int fd = alloc_fd();
    if (fd < 0)
        return fd;
--- a/Kernel/build-root-filesystem.sh
+++ b/Kernel/build-root-filesystem.sh
@ -82,6 +82,7 @@ else
 find ../Userland/ -type f -perm +111 -exec cp {} mnt/bin/ \;
 fi
 chmod 4755 mnt/bin/su
+chmod 4755 mnt/bin/ping
 echo "done"

 printf "installing applications... "
--- a/Userland/ping.cpp
+++ b/Userland/ping.cpp
@ -37,6 +37,11 @@ int main(int argc, char** argv)
        return 1;
    }

+    if (setgid(getgid()) || setuid(getuid())) {
+        fprintf(stderr, "Failed to drop privileges.\n");
+        return 1;
+    }
+
    struct timeval timeout {
        1, 0
    };