[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Small code-audit request

Subject: Small code-audit request
From: Andrew Farmer <email@hidden>
Date: Sat, 1 Jan 2005 14:07:17 -0800
Delivered-to: email@hidden
Delivered-to: email@hidden

The following code will be running as root (as a suid executable).

1. Does the following code contain any obvious vulnerabilities?

2. Can making raw ICMP sockets available to users like this cause any major security problems?

(If you're wondering, it's for a userland ping.)


void send_fd(int dest_sock, int sendme) {
	struct msghdr msg = {0};
	char buf[CMSG_SPACE(sizeof(sendme))];

	msg.msg_control = buf;
	msg.msg_controllen = sizeof(buf);

	struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_len = msg.msg_controllen = sizeof(buf);

	*((int *) CMSG_DATA(cmsg)) = sendme;

	if (sendmsg(dest_sock, &msg, 0) < 0)
		exit(1);
}

int main(int args, char *argv[]) {
	struct protoent *proto = getprotobyname("icmp");

	if(!proto)
		exit(1);

	int sendme = socket(AF_INET, SOCK_RAW, proto->p_proto);

	if(sendme < 0)
		exit(1);

	send_fd(0, sendme);

	exit(0);
}

Attachment: PGP.sig
Description: This is a digitally signed message part

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/email@hidden

This email sent to email@hidden

Prev by Date: Re: Accurate decimal numbers?
Next by Date: Re: Accurate decimal numbers?
Previous by thread: Re: NSApp and main window
Next by thread: Cocoa Bindings and Structures
Index(es):
- Date
- Thread

Home