From 8721bed1d8c889b98020870d5453e6648355b3bd Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Sat, 6 Feb 2010 23:23:14 +0000
Subject: [PATCH] SUID comments, review
---
 src/transport/Makefile.am | 16 +++++++++++++++-
 src/transport/gnunet-nat-client.c | 15 +++++++++++++++
 src/transport/gnunet-nat-server.c | 15 +++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 4294075fa..afcd60bc5 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -10,6 +10,13 @@ if USE_COVERAGE
 AM_CFLAGS = --coverage -O0
 endif
+if LINUX
+NATBIN = gnunet-nat-server gnunet-nat-client
+install-exec-hook:
+ chown root $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client || true
+ chmod u+s $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client || true
+endif
+
 lib_LTLIBRARIES = \
 libgnunettransport.la
@@ -29,7 +36,14 @@ libgnunettransport_la_LDFLAGS = \
 bin_PROGRAMS = \
 gnunet-transport \
- gnunet-service-transport
+ gnunet-service-transport $(NATBIN)
+
+
+gnunet_nat_server_SOURCES = \
+ gnunet-nat-server.c
+
+gnunet_nat_client_SOURCES = \
+ gnunet-nat-client.c
 gnunet_transport_SOURCES = \
diff --git a/src/transport/gnunet-nat-client.c b/src/transport/gnunet-nat-client.c
index ba99c8816..42af5ca77 100644
--- a/src/transport/gnunet-nat-client.c
+++ b/src/transport/gnunet-nat-client.c
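Review bot: In the `install-exec-hook` added to src/transport/Makefile.am, `chown root` and `chmod u+s` are separate recipe lines that each end in `|| true`, so when the install is not run as root the chown fails silently while the chmod still succeeds, and both helpers end up set-UID to the installing user instead of root. Chaining the two makes the set-UID bit conditional on the ownership change, in the form `chown root FILES && chmod u+s FILES || true`. Both lines also use `$(bindir)/...` without `$(DESTDIR)`, so a staged install would leave the staged copies untouched and act on whatever already sits at the live path; the files automake just installed are `$(DESTDIR)$(bindir)/gnunet-nat-server` and `$(DESTDIR)$(bindir)/gnunet-nat-client`. Because a failed step is swallowed, a short `echo` saying that the NAT helpers were installed without SUID would make that outcome visible to the installer.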
@@ -23,6 +23,21 @@
  * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
  * This code will work under GNU/Linux only.
  * @author Christian Grothoff
+ *
+ * This program will send ONE ICMP message using RAW sockets
+ * to the IP address specified as the second argument. Since
+ * it uses RAW sockets, it must be installed SUID or run as 'root'.
+ * In order to keep the security risk of the resulting SUID binary
+ * minimal, the program ONLY opens the RAW socket with root
+ * priviledges, then drops them and only then starts to process
+ * command line arguments. The code also does not link against
+ * any shared libraries (except libc) and is strictly minimal
+ * (except for checking for errors). The following list of people
+ * have reviewed this code and considered it safe since the last
+ * modification (if you reviewed it, please have your name added
+ * to the list):
+ *
+ * - Christian Grothoff
  */
 #define _GNU_SOURCE
 #include
diff --git a/src/transport/gnunet-nat-server.c b/src/transport/gnunet-nat-server.c
index 225c0af5f..333c0d642 100644
--- a/src/transport/gnunet-nat-server.c
+++ b/src/transport/gnunet-nat-server.c
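Review bot: The sign-off list added to the header comment of gnunet-nat-client.c (and identically to gnunet-nat-server.c) says the reviewers considered the code safe "since the last modification", but an entry carries no date or revision, so the list keeps vouching for the file after later edits. Recording what was reviewed keeps the claim checkable, for example ` * - Christian Grothoff (reviewed REVISION_PLACEHOLDER, YYYY-MM-DD)`. The comment also promises that root is dropped before any argument is processed; that code lies outside this hunk, and the comment could state that the result of the privilege drop is checked, if it is. `priviledges` should read `privileges` in both files. The comment block opens above the hunk.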
@@ -23,6 +23,21 @@
  * @brief Tool to help bypass NATs using ICMP method; must run as root (SUID will do)
  * This code will work under GNU/Linux only (or maybe BSDs, but never W32)
  * @author Christian Grothoff
+ *
+ * This program will send ONE ICMP message every 500 ms RAW sockets
+ * to a DUMMY IP address and also listens for ICMP replies. Since
+ * it uses RAW sockets, it must be installed SUID or run as 'root'.
+ * In order to keep the security risk of the resulting SUID binary
+ * minimal, the program ONLY opens the two RAW sockets with root
+ * priviledges, then drops them and only then starts to process
+ * command line arguments. The code also does not link against
+ * any shared libraries (except libc) and is strictly minimal
+ * (except for checking for errors). The following list of people
+ * have reviewed this code and considered it safe since the last
+ * modification (if you reviewed it, please have your name added
+ * to the list):
+ *
+ * - Christian Grothoff
  */
 #define _GNU_SOURCE
 #include
-- 
2.25.1
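Review bot: The description added to gnunet-nat-server.c limits its safety argument to command-line arguments ("only then starts to process command line arguments"), yet the same paragraph says the program "also listens for ICMP replies", which are untrusted network input. The comment should say whether those replies are read and parsed only after privileges were dropped, for example ` * ICMP replies are received and parsed only after root privileges were dropped.`, provided the code, which lies outside this hunk, really does so. The first sentence is also missing a word and should read `ONE ICMP message every 500 ms using RAW sockets`.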