From b4ad23dde8a344c9adccdb00a9e6f53ca26fa1de Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Fri, 16 Dec 2011 22:18:10 +0000
Subject: [PATCH] -also minimizing SUID code here
---
 src/transport/gnunet-helper-transport-wlan.c | 46 ++++++++++++++------
 1 file changed, 32 insertions(+), 14 deletions(-)
diff --git a/src/transport/gnunet-helper-transport-wlan.c b/src/transport/gnunet-helper-transport-wlan.c
index 0bc6d88ff..fcdd9d520 100644
--- a/src/transport/gnunet-helper-transport-wlan.c
+++ b/src/transport/gnunet-helper-transport-wlan.c
@@ -1412,12 +1412,6 @@ wlan_initialize (struct HardwareInfos *dev, const char *iface)
 struct stat sbuf;
 int ret;

- dev->fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
- if (0 > dev->fd_raw)
- {
- fprintf (stderr, "Failed to create raw socket: %s\n", strerror (errno));
- return 1;
- }
 if (dev->fd_raw >= FD_SETSIZE)
 {
 fprintf (stderr, "File descriptor too large for select (%d > %d)\n",
@@ -1559,22 +1553,46 @@ main (int argc, char *argv[])
 int retval;
 int stdin_open;
 struct MessageStreamTokenizer *stdin_mst;
+ int raw_eno;
+ dev.fd_raw = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL));
+ raw_eno = errno; /* remember for later */
+ uid = getuid ();
+#ifdef HAVE_SETRESUID
+ if (0 != setresuid (uid, uid, uid))
+ {
+ fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+ if (-1 != dev.fd_raw)
+ (void) close (dev.fd_raw);
+ return 1;
+ }
+#else
+ if (0 != (setuid (uid) | seteuid (uid)))
+ {
+ fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+ if (-1 != dev.fd_raw)
+ (void) close (dev.fd_raw);
+ return 1;
+ }
+#endif
+
+ /* now that we've dropped root rights, we can do error checking */
 if (2 != argc)
 {
 fprintf (stderr, "You must specify the name of the interface as the first and only argument to this program.\n");
+ if (-1 != dev.fd_raw)
+ (void) close (dev.fd_raw);
 return 1;
 }
- if (0 != wlan_initialize (&dev, argv[1]))
- return 1;
- uid = getuid ();
- if (0 != setresuid (uid, uid, uid))
+
+ if (-1 == dev.fd_raw)
 {
- fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
- /* not critical, continue anyway */
+ fprintf (stderr, "Failed to create raw socket: %s\n", strerror (raw_eno));
+ return 1;
 }
-
+ if (0 != wlan_initialize (&dev, argv[1]))
+ return 1;
 dev.write_pout.size = 0;
 dev.write_pout.pos = 0;
 stdin_mst = mst_create (&stdin_send_hw, &dev);
@@ -1705,7 +1723,7 @@ main (int argc, char *argv[])
 }
 /* Error handling, try to clean up a bit at least */
 mst_destroy (stdin_mst);
- close (dev.fd_raw);
+ (void) close (dev.fd_raw);
 return 1; /* we never exit 'normally' */
 }

-- 
2.25.1
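Review bot: In the `#else` branch of the privilege drop in main, `setuid (uid) | seteuid (uid)` joins the two calls with a bitwise OR, and C leaves the evaluation order of the operands of `|` unspecified. If seteuid() happens to run first, the following setuid() is made without root privilege and, on systems where an unprivileged setuid() changes only the effective UID, the saved set-user-ID would stay 0, so the drop could be undone later. Sequencing the calls removes that dependency and keeps errno tied to the call that failed: `if ( (0 != setuid (uid)) || (0 != seteuid (uid)) )`. main's body starts before and continues after this hunk, so whether anything later re-checks the effective UID is not visible here.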