SUID comments, review

diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 4294075fa5cf19bf53937f05a21ce224108a4240..afcd60bc5916d021912b550d21e154b622ddc061 100644 (file)
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -10,6 +10,13 @@ if USE_COVERAGE
   AM_CFLAGS = --coverage -O0
 endif
 
+if LINUX
+NATBIN = gnunet-nat-server gnunet-nat-client
+install-exec-hook:
+       chown root $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client || true
+       chmod u+s $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client || true
+endif
+
 
 lib_LTLIBRARIES = \
   libgnunettransport.la
@@ -29,7 +36,14 @@ libgnunettransport_la_LDFLAGS = \
 
 bin_PROGRAMS = \
  gnunet-transport \
- gnunet-service-transport 
+ gnunet-service-transport $(NATBIN)
+
+
+gnunet_nat_server_SOURCES = \
+ gnunet-nat-server.c         
+
+gnunet_nat_client_SOURCES = \
+ gnunet-nat-client.c         
 
 
 gnunet_transport_SOURCES = \

diff --git a/src/transport/gnunet-nat-client.c b/src/transport/gnunet-nat-client.c
index ba99c88164ea6bbdeef936e3b2dd594601fc8892..42af5ca77fd6adc325d66ccec950d5d6843f4c3b 100644 (file)
--- a/src/transport/gnunet-nat-client.c
+++ b/src/transport/gnunet-nat-client.c
@@ -23,6 +23,21 @@
  * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
  *        This code will work under GNU/Linux only.  
  * @author Christian Grothoff
+ *
+ * This program will send ONE ICMP message using RAW sockets
+ * to the IP address specified as the second argument.  Since
+ * it uses RAW sockets, it must be installed SUID or run as 'root'.
+ * In order to keep the security risk of the resulting SUID binary
+ * minimal, the program ONLY opens the RAW socket with root
+ * priviledges, then drops them and only then starts to process
+ * command line arguments.  The code also does not link against
+ * any shared libraries (except libc) and is strictly minimal
+ * (except for checking for errors).  The following list of people
+ * have reviewed this code and considered it safe since the last
+ * modification (if you reviewed it, please have your name added
+ * to the list):
+ *
+ * - Christian Grothoff
  */
 #define _GNU_SOURCE
 #include <sys/types.h> 

diff --git a/src/transport/gnunet-nat-server.c b/src/transport/gnunet-nat-server.c
index 225c0af5fdb46b59c13e30d4d31a7af74853a51a..333c0d6426c55e886c817d7d1aa2bb4a480ecb97 100644 (file)
--- a/src/transport/gnunet-nat-server.c
+++ b/src/transport/gnunet-nat-server.c
@@ -23,6 +23,21 @@
  * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
  *        This code will work under GNU/Linux only (or maybe BSDs, but never W32)
  * @author Christian Grothoff
+ *
+ * This program will send ONE ICMP message every 500 ms RAW sockets
+ * to a DUMMY IP address and also listens for ICMP replies.  Since
+ * it uses RAW sockets, it must be installed SUID or run as 'root'.
+ * In order to keep the security risk of the resulting SUID binary
+ * minimal, the program ONLY opens the two RAW sockets with root
+ * priviledges, then drops them and only then starts to process
+ * command line arguments.  The code also does not link against
+ * any shared libraries (except libc) and is strictly minimal
+ * (except for checking for errors).  The following list of people
+ * have reviewed this code and considered it safe since the last
+ * modification (if you reviewed it, please have your name added
+ * to the list):
+ *
+ * - Christian Grothoff
  */
 #define _GNU_SOURCE
 #include <sys/types.h>