From ef53125ebe9241fd4e362932fc970401fc60512c Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <dborkman@redhat.com>
Date: Wed, 9 Jan 2013 21:23:31 +0100
Subject: [PATCH] src: setfsuid / setfsgid

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
 src/astraceroute.c |  4 ++++
 src/bpfc.c         |  4 ++++
 src/curvetun.c     |  5 +++--
 src/flowtop.c      |  4 ++++
 src/ifpps.c        | 32 ++++++--------------------------
 src/netsniff-ng.c  |  4 ++++
 6 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/src/astraceroute.c b/src/astraceroute.c
index 0e0bf7e2..3be41e22 100644
--- a/src/astraceroute.c
+++ b/src/astraceroute.c
@@ -30,6 +30,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
+#include <sys/fsuid.h>
 #include <fcntl.h>
 #include <string.h>
 #include <asm/byteorder.h>
@@ -974,6 +975,9 @@ int main(int argc, char **argv)
 	struct ash_cfg cfg;
 	char *path_city_db = NULL, *path_country_db = NULL;
 
+	setfsuid(getuid());
+	setfsgid(getgid());
+
 	memset(&cfg, 0, sizeof(cfg));
 	cfg.init_ttl = 1;
 	cfg.max_ttl = 30;
diff --git a/src/bpfc.c b/src/bpfc.c
index 0863e743..16143ae8 100644
--- a/src/bpfc.c
+++ b/src/bpfc.c
@@ -24,6 +24,7 @@
 #include <getopt.h>
 #include <ctype.h>
 #include <unistd.h>
+#include <sys/fsuid.h>
 
 #include "xmalloc.h"
 #include "xutils.h"
@@ -95,6 +96,9 @@ int main(int argc, char **argv)
 	int ret, verbose = 0, c, opt_index, bypass = 0, hla = 0, debug = 0;
 	char *file = NULL;
 
+	setfsuid(getuid());
+	setfsgid(getgid());
+
 	if (argc == 1)
 		help();
 
diff --git a/src/curvetun.c b/src/curvetun.c
index e48c5894..3593aca2 100644
--- a/src/curvetun.c
+++ b/src/curvetun.c
@@ -44,6 +44,7 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/ptrace.h>
+#include <sys/fsuid.h>
 #include <netinet/in.h>
 #include <unistd.h>
 #include <signal.h>
@@ -589,8 +590,8 @@ int main(int argc, char **argv)
 	char *port = NULL, *stun = NULL, *dev = NULL, *home = NULL, *alias = NULL;
 	enum working_mode wmode = MODE_UNKNOW;
 
-	if (getuid() != geteuid())
-		if (seteuid(getuid())) { ; }
+	setfsuid(getuid());
+	setfsgid(getgid());
 
 	home = fetch_home_dir();
 
diff --git a/src/flowtop.c b/src/flowtop.c
index d3e086ae..14846a78 100644
--- a/src/flowtop.c
+++ b/src/flowtop.c
@@ -35,6 +35,7 @@
 #include <curses.h>
 #include <dirent.h>
 #include <sys/stat.h>
+#include <sys/fsuid.h>
 #include <urcu.h>
 #include <libgen.h>
 
@@ -1205,6 +1206,9 @@ int main(int argc, char **argv)
 	pthread_t tid;
 	int ret, c, opt_index, what_cmd = 0;
 
+	setfsuid(getuid());
+	setfsgid(getgid());
+
 	memset(&geo_country, 0, sizeof(geo_country));
 	memset(&geo_city, 0, sizeof(geo_city));
 
diff --git a/src/ifpps.c b/src/ifpps.c
index ee4f91a5..35048037 100644
--- a/src/ifpps.c
+++ b/src/ifpps.c
@@ -25,6 +25,7 @@
 #include <getopt.h>
 #include <ctype.h>
 #include <sys/socket.h>
+#include <sys/fsuid.h>
 #include <signal.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -157,7 +158,6 @@ static int stats_proc_net_dev(const char *ifname, struct ifstat *stats)
 	if (!fp)
 		panic("Cannot open /proc/net/dev!\n");
 
-	/* Omit table header from procfs file */
 	if (fgets(buff, sizeof(buff), fp)) { ; }
 	if (fgets(buff, sizeof(buff), fp)) { ; }
 
@@ -217,7 +217,7 @@ retry:
 		bug_on(stats->irq_nr == 0);
 
 		if (ptr)
-			ptr++; /* Skip ':' char */
+			ptr++;
 		for (i = 0; i < cpus && ptr; ++i) {
 			stats->irqs[i] = strtol(ptr, &ptr, 10);
 			if (i == cpus - 1) {
@@ -229,11 +229,6 @@ retry:
 		memset(buff, 0, sizeof(buff));
 	}
 
-	/* We could get caught here in case of wireless devices which
-	 * are not necessarily listed under 'wlan0' et al. in
-	 * proc/interrupts. Therefore, we try once again with the
-	 * ethtool driver name.
-	 */
 	if (ret == -EINVAL && try == 0) {
 		memset(&drvinf, 0, sizeof(drvinf));
 		if (ethtool_drvinf(ifname, &drvinf) < 0)
@@ -650,16 +645,6 @@ static void screen_wireless(WINDOW *screen, const struct ifstat *rel,
 			  "Signal: %8d dBm (%d dBm/t)       ",
 			  abs->wifi.signal_level,
 			  rel->wifi.signal_level);
-#if 0
-		mvwprintw(screen, (*voff)++, 2,
-			  "Noise:  %8d dBm (%d dBm/t)       ",
-			  abs->wifi.noise_level,
-			  rel->wifi.noise_level);
-		mvwprintw(screen, (*voff)++, 2,
-			  "SNR:    %8d dBm (%s)             ",
-			  abs->wifi.signal_level - abs->wifi.noise_level,
-			  snr_to_str(abs->wifi.signal_level - abs->wifi.noise_level));
-#endif
 	}
 }
 
@@ -720,7 +705,7 @@ static int screen_main(const char *ifname, uint64_t ms_interval)
 
 	while (!sigint) {
 		key = getch();
-		if (key == 'q' || key == 0x1b /* esq */ || key == KEY_F(10))
+		if (key == 'q' || key == 0x1b || key == KEY_F(10))
 			break;
 
 		screen_update(stats_screen, ifname, &stats_delta, &stats_new,
@@ -795,10 +780,6 @@ static void term_csv(const char *ifname, const struct ifstat *rel,
 
 		printf("%d ", rel->wifi.signal_level);
 		printf("%d ", abs->wifi.signal_level);
-#if 0
-		printf("%d ", rel->wifi.noise_level);
-		printf("%d ", abs->wifi.noise_level);
-#endif
 	}
 
 	puts("");
@@ -868,10 +849,6 @@ static void term_csv_header(const char *ifname, const struct ifstat *abs,
 
 		printf("%d:wifi-signal-dbm-per-t ", j++);
 		printf("%d:wifi-signal-dbm ", j++);
-#if 0
-		printf("%d:wifi-noise-dbm-per-t ", j++);
-		printf("%d:wifi-noise-dbm ", j++);
-#endif
 	}
 
 	puts("");
@@ -905,6 +882,9 @@ int main(int argc, char **argv)
 	char *ifname = NULL;
 	int (*func_main)(const char *ifname, uint64_t ms_interval) = screen_main;
 
+	setfsuid(getuid());
+	setfsgid(getgid());
+
 	while ((c = getopt_long(argc, argv, short_options, long_options,
 	       &opt_index)) != EOF) {
 		switch (c) {
diff --git a/src/netsniff-ng.c b/src/netsniff-ng.c
index 1d8f0d89..25390d6b 100644
--- a/src/netsniff-ng.c
+++ b/src/netsniff-ng.c
@@ -32,6 +32,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/fsuid.h>
 #include <unistd.h>
 #include <stdbool.h>
 #include <pthread.h>
@@ -1112,6 +1113,9 @@ int main(int argc, char **argv)
 		.dump_mode = DUMP_INTERVAL_TIME,
 	};
 
+	setfsuid(getuid());
+	setfsgid(getgid());
+
 	srand(time(NULL));
 
 	while ((c = getopt_long(argc, argv, short_options, long_options,
-- 
2.11.4.GIT