[GNUnet-SVN] r10242 - gnunet/src/transport
From: |
gnunet |
Subject: |
[GNUnet-SVN] r10242 - gnunet/src/transport |
Date: |
Sun, 7 Feb 2010 00:23:14 +0100 |
Author: grothoff
Date: 2010-02-07 00:23:14 +0100 (Sun, 07 Feb 2010)
New Revision: 10242
Modified:
gnunet/src/transport/Makefile.am
gnunet/src/transport/gnunet-nat-client.c
gnunet/src/transport/gnunet-nat-server.c
Log:
SUID comments, review
Modified: gnunet/src/transport/Makefile.am
===================================================================
--- gnunet/src/transport/Makefile.am 2010-02-06 23:13:26 UTC (rev 10241)
+++ gnunet/src/transport/Makefile.am 2010-02-06 23:23:14 UTC (rev 10242)
@@ -10,7 +10,14 @@
AM_CFLAGS = --coverage -O0
endif
+if LINUX
+NATBIN = gnunet-nat-server gnunet-nat-client
+install-exec-hook:
+ chown root $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client ||
true
+ chmod u+s $(bindir)/gnunet-nat-server $(bindir)/gnunet-nat-client ||
true
+endif
+
lib_LTLIBRARIES = \
libgnunettransport.la
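Review bot: In `install-exec-hook` the `chown root` and `chmod u+s` lines are independent and each ends in `|| true`, so when `make install` is run by a non-root user the chown fails silently and the chmod still succeeds. Both helpers are then set-uid to the installing account rather than root, and the install still reports success. Chain the steps so the bit is only set once ownership has changed, e.g. `chown root $(DESTDIR)$(bindir)/gnunet-nat-server && chmod u+s $(DESTDIR)$(bindir)/gnunet-nat-server` (and the same for gnunet-nat-client), and print a warning when that fails. The paths also omit `$(DESTDIR)`, so a staged or packaging install would act on the live prefix instead of the staging tree.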
@@ -29,9 +36,16 @@
bin_PROGRAMS = \
gnunet-transport \
- gnunet-service-transport
+ gnunet-service-transport $(NATBIN)
+gnunet_nat_server_SOURCES = \
+ gnunet-nat-server.c
+
+gnunet_nat_client_SOURCES = \
+ gnunet-nat-client.c
+
+
gnunet_transport_SOURCES = \
gnunet-transport.c
gnunet_transport_LDADD = \
Modified: gnunet/src/transport/gnunet-nat-client.c
===================================================================
--- gnunet/src/transport/gnunet-nat-client.c 2010-02-06 23:13:26 UTC (rev
10241)
+++ gnunet/src/transport/gnunet-nat-client.c 2010-02-06 23:23:14 UTC (rev
10242)
@@ -23,6 +23,21 @@
* @brief Tool to help bypass NATs using ICMP method; must run as root (SUID
will do)
* This code will work under GNU/Linux only.
* @author Christian Grothoff
+ *
+ * This program will send ONE ICMP message using RAW sockets
+ * to the IP address specified as the second argument. Since
+ * it uses RAW sockets, it must be installed SUID or run as 'root'.
+ * In order to keep the security risk of the resulting SUID binary
+ * minimal, the program ONLY opens the RAW socket with root
+ * priviledges, then drops them and only then starts to process
+ * command line arguments. The code also does not link against
+ * any shared libraries (except libc) and is strictly minimal
+ * (except for checking for errors). The following list of people
+ * have reviewed this code and considered it safe since the last
+ * modification (if you reviewed it, please have your name added
+ * to the list):
+ *
+ * - Christian Grothoff
*/
#define _GNU_SOURCE
#include <sys/types.h>
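Review bot: The reviewer list added at the end of the header comment does not say which revision each person reviewed, so "since the last modification" cannot be verified once the file changes again. Record the revision with the name, e.g. ` * - Christian Grothoff (reviewed at r<REVISION>)`, and clear the list on any later code change; the same applies to the identical list in the gnunet-nat-server.c hunk. The comment also states that privileges are dropped before command-line arguments are processed, but the code doing that is outside this hunk. It would help to name the place where the drop happens and to state that a failed drop aborts the program. "priviledges" should read "privileges" in both files.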
Modified: gnunet/src/transport/gnunet-nat-server.c
===================================================================
--- gnunet/src/transport/gnunet-nat-server.c 2010-02-06 23:13:26 UTC (rev
10241)
+++ gnunet/src/transport/gnunet-nat-server.c 2010-02-06 23:23:14 UTC (rev
10242)
@@ -23,6 +23,21 @@
* @brief Tool to help bypass NATs using ICMP method; must run as root (SUID
will do)
* This code will work under GNU/Linux only (or maybe BSDs, but never
W32)
* @author Christian Grothoff
+ *
+ * This program will send ONE ICMP message every 500 ms RAW sockets
+ * to a DUMMY IP address and also listens for ICMP replies. Since
+ * it uses RAW sockets, it must be installed SUID or run as 'root'.
+ * In order to keep the security risk of the resulting SUID binary
+ * minimal, the program ONLY opens the two RAW sockets with root
+ * priviledges, then drops them and only then starts to process
+ * command line arguments. The code also does not link against
+ * any shared libraries (except libc) and is strictly minimal
+ * (except for checking for errors). The following list of people
+ * have reviewed this code and considered it safe since the last
+ * modification (if you reviewed it, please have your name added
+ * to the list):
+ *
+ * - Christian Grothoff
*/
#define _GNU_SOURCE
#include <sys/types.h>
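Review bot: The first added sentence lost a word: "send ONE ICMP message every 500 ms RAW sockets" should read `This program will send ONE ICMP message every 500 ms using RAW sockets`. Because this helper also listens for ICMP replies, the comment should say whether those replies are read only after the privilege drop it describes. They are untrusted network input handled by a binary that is installed set-uid, and the receiving code is outside this hunk.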