Release setuid immediately after initializing; this minimizes the

possibility of security holes allowing root penetration.

Inspired by:	Mark Handley <M.Handley@cs.ucl.ac.uk> and
		Theo de Raadt <deraadt@theos.com> independently
Submitted by:	Theo de Raadt <deraadt@theos.com>

usr.sbin/mrouted/main.c

@@ -7,7 +7,7 @@
  * Leland Stanford Junior University.
  *
  *
- * $Id: main.c,v 3.8 1995/11/29 22:36:34 fenner Rel $
+ * $Id: main.c,v 1.7 1996/01/06 21:09:51 peter Exp $
  */
 
 /*
@@ -34,7 +34,7 @@
 
 #ifndef lint
 static char rcsid[] =
-	"@(#) $Id: main.c,v 3.8 1995/11/29 22:36:34 fenner Rel $";
+	"@(#) $Id: main.c,v 1.7 1996/01/06 21:09:51 peter Exp $";
 #endif
 
 extern char *configfilename;
@@ -116,7 +116,7 @@ main(argc, argv)
     setlinebuf(stderr);
 
     if (geteuid() != 0) {
-	fprintf(stderr, "must be root\n");
+	fprintf(stderr, "mrouted: must be root\n");
 	exit(1);
     }
 

usr.sbin/mrouted/mapper.c

@@ -1,7 +1,7 @@
 /* Mapper for connections between MRouteD multicast routers.
  * Written by Pavel Curtis <Pavel@PARC.Xerox.Com>
  *
- * $Id: mapper.c,v 3.8 1995/11/29 22:36:57 fenner Rel $
+ * $Id: mapper.c,v 1.6 1996/01/06 21:09:53 peter Exp $
  */
 
 /*
@@ -844,13 +844,16 @@ int main(argc, argv)
 {
     int flood = FALSE, graph = FALSE;
     
-    setlinebuf(stderr);
-
     if (geteuid() != 0) {
-	fprintf(stderr, "must be root\n");
+	fprintf(stderr, "map-mbone: must be root\n");
 	exit(1);
     }
 
+    init_igmp();
+    setuid(getuid());
+
+    setlinebuf(stderr);
+
     argv++, argc--;
     while (argc > 0 && argv[0][0] == '-') {
 	switch (argv[0][1]) {
@@ -899,8 +902,6 @@ int main(argc, argv)
     if (debug)
 	fprintf(stderr, "Debug level %u\n", debug);
 
-    init_igmp();
-
     {				/* Find a good local address for us. */
 	int udp;
 	struct sockaddr_in addr;

usr.sbin/mrouted/mrinfo.c

@@ -61,7 +61,7 @@
 
 #ifndef lint
 static char rcsid[] =
-    "@(#) $Id: mrinfo.c,v 3.8 1995/11/29 22:36:34 fenner Rel $";
+    "@(#) $Id: mrinfo.c,v 1.8 1996/01/06 21:09:56 peter Exp $";
 /*  original rcsid:
     "@(#) Header: mrinfo.c,v 1.6 93/04/08 15:14:16 van Exp (LBL)";
 */
@@ -333,12 +333,16 @@ main(argc, argv)
 	char *host;
 	int curaddr;
 
-	setlinebuf(stderr);
-
 	if (geteuid() != 0) {
 		fprintf(stderr, "mrinfo: must be root\n");
 		exit(1);
 	}
+
+	init_igmp();
+	setuid(getuid());
+
+	setlinebuf(stderr);
+
 	argv++, argc--;
 	while (argc > 0 && argv[0][0] == '-') {
 		switch (argv[0][1]) {
@@ -386,8 +390,6 @@ main(argc, argv)
 	if (debug)
 		fprintf(stderr, "Debug level %u\n", debug);
 
-	init_igmp();
-
 	/* Check all addresses; mrouters often have unreachable interfaces */
 	for (curaddr = 0; hp->h_addr_list[curaddr] != NULL; curaddr++) {
 	    memcpy(&target_addr, hp->h_addr_list[curaddr], hp->h_length);

usr.sbin/mrouted/mtrace.c

@@ -50,7 +50,7 @@
 
 #ifndef lint
 static char rcsid[] =
-    "@(#) $Id: mtrace.c,v 3.8 1995/11/29 22:36:34 fenner Rel $";
+    "@(#) $Id: mtrace.c,v 1.7 1996/01/06 21:10:05 peter Exp $";
 #endif
 
 #include <netdb.h>
@@ -629,8 +629,6 @@ passive_mode()
     int len, recvlen, dummy = 0;
     u_int32 smask;
 
-    init_igmp();
-
     if (raddr) {
 	if (IN_MULTICAST(ntohl(raddr))) k_join(raddr, INADDR_ANY);
     } else k_join(htonl(0xE0000120), INADDR_ANY);
@@ -1168,6 +1166,9 @@ char *argv[];
 	exit(1);
     }
 
+    init_igmp();
+    setuid(getuid());
+
     argv++, argc--;
     if (argc == 0) goto usage;
 
@@ -1304,8 +1305,6 @@ Usage: mtrace [-Mlnps] [-w wait] [-m max_hops] [-q nqueries] [-g gateway]\n\
 	exit(1);
     }
 
-    init_igmp();
-
     /*
      * Set useful defaults for as many parameters as possible.
      */