-check for SUID helper

diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index dc9991422a244fd516d1d40bbb8605db468d124c..86a24ff1cc92e9967fb35fa43b7177aae944827f 100644 (file)
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -219,6 +219,11 @@ struct TunnelState
 };
 
 
+/**
+ * Return value from 'main'.
+ */
+static int global_ret;
+
 /**
  * The handle to the configuration used throughout the process
  */
@@ -2970,6 +2975,15 @@ run (void *cls, char *const *args GNUNET_UNUSED,
   char *ipv4addr;
   char *ipv4mask;
 
+  if (GNUNET_YES !=
+      GNUNET_OS_check_helper_binary ("gnunet-helper-exit"))
+  {
+    fprintf (stderr,
+            "`%s' is not SUID, refusing to run.\n",
+            "gnunet-helper-exit");
+    global_ret = 1;
+    return;
+  }
   cfg = cfg_;
   stats = GNUNET_STATISTICS_create ("exit", cfg);
   ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg, "exit", "EXIT_IPV4");
@@ -3151,7 +3165,7 @@ main (int argc, char *const *argv)
           GNUNET_PROGRAM_run (argc, argv, "gnunet-daemon-exit",
                               gettext_noop
                               ("Daemon to run to provide an IP exit node for the VPN"),
-                              options, &run, NULL)) ? 0 : 1;
+                              options, &run, NULL)) ? global_ret : 1;
 }
 
 

diff --git a/src/exit/gnunet-helper-exit.c b/src/exit/gnunet-helper-exit.c
index 76d14d5bcc8a6033bac4b6135dbc02d504cf5f38..db1401e89944a838b8fa207dc6c2e4739642898a 100644 (file)
--- a/src/exit/gnunet-helper-exit.c
+++ b/src/exit/gnunet-helper-exit.c
@@ -180,7 +180,8 @@ init_tun (char *dev)
 
   if (-1 == ioctl (fd, TUNSETIFF, (void *) &ifr))
   {
-    fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
+    fprintf (stderr, 
+            "Error with ioctl on `%s': %s\n", "/dev/net/tun",
              strerror (errno));
     (void) close (fd);
     return -1;