main/busybox: fix ping without root permissions

using SOCK_DGRAM requested by docker inc.
author: Natanael Copa <ncopa@alpinelinux.org> 2016-03-29 17:27:09 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2016-03-29 17:27:09 +0000
commit: a3bc85c3cd190580d9a95526a4e89b6cdda0a9e0 (patch)
tree: 96a9f0d6e1eecddc68829d3eeb87804586a551c4 /main/busybox
parent: 52b8efc514e679e927a690dfb6389097e0a273cd (diff)
download: aports-a3bc85c3cd190580d9a95526a4e89b6cdda0a9e0.tar.bz2
aports-a3bc85c3cd190580d9a95526a4e89b6cdda0a9e0.tar.xz
3 files changed, 207 insertions, 8 deletions
diff --git a/main/busybox/0001-ping-make-ping-work-without-root-privileges.patch b/main/busybox/0001-ping-make-ping-work-without-root-privileges.patch
new file mode 100644
index 0000000000..43c45f31b3
--- /dev/null
+++ b/main/busybox/0001-ping-make-ping-work-without-root-privileges.patch
@@ -0,0 +1,197 @@
+From 8fa06464b2c1cb80553a0f47b47503cf231d64d8 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 29 Mar 2016 18:59:22 +0200
+Subject: [PATCH] ping: make ping work without root privileges
+
+---
+ networking/ping.c | 103 +++++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 87 insertions(+), 16 deletions(-)
+
+diff --git a/networking/ping.c b/networking/ping.c
+index dcbf196..1d96790 100644
+--- a/networking/ping.c
++++ b/networking/ping.c
+@@ -154,6 +154,7 @@ enum {
+ 	pingsock = 0,
+ };
+ 
++static int using_dgram;
+ static void
+ #if ENABLE_PING6
+ create_icmp_socket(len_and_sockaddr *lsa)
+@@ -170,9 +171,23 @@ create_icmp_socket(void)
+ #endif
+ 		sock = socket(AF_INET, SOCK_RAW, 1); /* 1 == ICMP */
+ 	if (sock < 0) {
+-		if (errno == EPERM)
+-			bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+-		bb_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
++		if (errno != EPERM)
++			bb_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
++#if defined(__linux__) || defined(__APPLE__)
++		/* We don't have root privileges.  Try SOCK_DGRAM instead.
++		 * Linux needs net.ipv4.ping_group_range for this to work.
++		 * MacOSX allows ICMP_ECHO, ICMP_TSTAMP or ICMP_MASKREQ
++		 */
++#if ENABLE_PING6
++		if (lsa->u.sa.sa_family == AF_INET6)
++			sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
++		else
++#endif
++			sock = socket(AF_INET, SOCK_DGRAM, 1); /* 1 == ICMP */
++		if (sock < 0)
++#endif
++		bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
++		using_dgram = 1;
+ 	}
+ 
+ 	xmove_fd(sock, pingsock);
+@@ -223,10 +238,12 @@ static void ping4(len_and_sockaddr *lsa)
+ 				bb_perror_msg("recvfrom");
+ 			continue;
+ 		}
+-		if (c >= 76) {			/* ip + icmp */
+-			struct iphdr *iphdr = (struct iphdr *) G.packet;
++		if (c >= 76 || using_dgram && (c == 64)) {			/* ip + icmp */
++			if(!using_dgram) {
++				struct iphdr *iphdr = (struct iphdr *) G.packet;
+ 
+-			pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2));	/* skip ip hdr */
++				pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2));	/* skip ip hdr */
++			} else pkt = (struct icmp *) G.packet;
+ 			if (pkt->icmp_type == ICMP_ECHOREPLY)
+ 				break;
+ 		}
+@@ -619,19 +636,21 @@ static void unpack_tail(int sz, uint32_t *tp,
+ }
+ static void unpack4(char *buf, int sz, struct sockaddr_in *from)
+ {
+-	struct icmp *icmppkt;
+ 	struct iphdr *iphdr;
++	struct icmp *icmppkt;
+ 	int hlen;
+ 
+ 	/* discard if too short */
+ 	if (sz < (datalen + ICMP_MINLEN))
+ 		return;
++	if(!using_dgram) {
++		/* check IP header */
++		iphdr = (struct iphdr *) buf;
++		hlen = iphdr->ihl << 2;
++		sz -= hlen;
++		icmppkt = (struct icmp *) (buf + hlen);
++	} else icmppkt = (struct icmp *) buf;
+ 
+-	/* check IP header */
+-	iphdr = (struct iphdr *) buf;
+-	hlen = iphdr->ihl << 2;
+-	sz -= hlen;
+-	icmppkt = (struct icmp *) (buf + hlen);
+ 	if (icmppkt->icmp_id != myid)
+ 		return;				/* not our ping */
+ 
+@@ -643,7 +662,7 @@ static void unpack4(char *buf, int sz, struct sockaddr_in *from)
+ 			tp = (uint32_t *) icmppkt->icmp_data;
+ 		unpack_tail(sz, tp,
+ 			inet_ntoa(*(struct in_addr *) &from->sin_addr.s_addr),
+-			recv_seq, iphdr->ttl);
++			recv_seq, using_dgram ? 42 : iphdr->ttl);
+ 	} else if (icmppkt->icmp_type != ICMP_ECHO) {
+ 		bb_error_msg("warning: got ICMP %d (%s)",
+ 				icmppkt->icmp_type,
+@@ -687,11 +706,31 @@ static void ping4(len_and_sockaddr *lsa)
+ 	int sockopt;
+ 
+ 	pingaddr.sin = lsa->u.sin;
+-	if (source_lsa) {
++	if (source_lsa && !using_dgram) {
+ 		if (setsockopt(pingsock, IPPROTO_IP, IP_MULTICAST_IF,
+ 				&source_lsa->u.sa, source_lsa->len))
+ 			bb_error_msg_and_die("can't set multicast source interface");
+ 		xbind(pingsock, &source_lsa->u.sa, source_lsa->len);
++	} else if(using_dgram) {
++		struct sockaddr_in sa;
++		socklen_t sl;
++
++		sa.sin_family = AF_INET;
++		sa.sin_port = 0;
++		sa.sin_addr.s_addr = source_lsa ?
++			source_lsa->u.sin.sin_addr.s_addr : 0;
++		sl = sizeof(sa);
++
++		if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) {
++			perror("bind");
++			exit(2);
++		}
++
++		if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) {
++			perror("getsockname");
++			exit(2);
++		}
++		myid = sa.sin_port;
+ 	}
+ 
+ 	/* enable broadcast pings */
+@@ -708,6 +747,15 @@ static void ping4(len_and_sockaddr *lsa)
+ 		setsockopt_int(pingsock, IPPROTO_IP, IP_MULTICAST_TTL, opt_ttl);
+ 	}
+ 
++	if(using_dgram) {
++		int hold = 65536;
++		if (setsockopt(pingsock, SOL_IP, IP_RECVTTL, (char *)&hold, sizeof(hold)))
++			perror("WARNING: setsockopt(IP_RECVTTL)");
++		if (setsockopt(pingsock, SOL_IP, IP_RETOPTS, (char *)&hold, sizeof(hold)))
++			perror("WARNING: setsockopt(IP_RETOPTS)");
++
++	}
++
+ 	signal(SIGINT, print_stats_and_exit);
+ 
+ 	/* start the ping's going ... */
+@@ -742,10 +790,33 @@ static void ping6(len_and_sockaddr *lsa)
+ 	char control_buf[CMSG_SPACE(36)];
+ 
+ 	pingaddr.sin6 = lsa->u.sin6;
+-	if (source_lsa)
++	if (source_lsa && !using_dgram)
+ 		xbind(pingsock, &source_lsa->u.sa, source_lsa->len);
++	else if(using_dgram) {
++                struct sockaddr_in6 sa = {0};
++                socklen_t sl;
++
++                sa.sin6_family = AF_INET6;
++                sa.sin6_port = 0;
++		if(source_lsa) {
++			memcpy(&sa.sin6_addr, &source_lsa->u.sin6.sin6_addr, sizeof(struct in6_addr));
++		}
++                sl = sizeof(sa);
++
++                if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) {
++                        perror("bind");
++                        exit(2);
++                }
++
++                if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) {
++                        perror("getsockname");
++                        exit(2);
++                }
++                myid = sa.sin6_port;
++	}
+ 
+ #ifdef ICMP6_FILTER
++	if(!using_dgram)
+ 	{
+ 		struct icmp6_filter filt;
+ 		if (!(option_mask32 & OPT_VERBOSE)) {
+@@ -874,7 +945,7 @@ static int common_ping_main(int opt, char **argv)
+ 	if (opt & OPT_p)
+ 		G.pattern = xstrtou_range(str_p, 16, 0, 255);
+ 
+-	myid = (uint16_t) getpid();
++	if (!using_dgram) myid = (uint16_t) getpid();
+ 	hostname = argv[optind];
+ #if ENABLE_PING6
+ 	{
+-- 
+2.7.4
+
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 3c89568881..02303ea96f 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=busybox
 pkgver=1.24.2
-pkgrel=1
+pkgrel=2
 pkgdesc="Size optimized toolbox of many common UNIX utilities"
 url=http://busybox.net
 arch="all"
@@ -20,6 +20,7 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
 	bb-app-location.patch
 	loginutils-sha512.patch
 	udhcpc-discover-retries.patch
+	0001-ping-make-ping-work-without-root-privileges.patch
 
 	busybox-1.24.2-CVE-2016-2147.patch
 	busybox-1.24.2-CVE-2016-2148.patch
@@ -156,12 +157,13 @@ static() {
 }
 
 md5sums="2eaae519cac1143bcf583636a745381f  busybox-1.24.2.tar.bz2
-20cfe7572c74d592edb91826423261af  bbsuid.c
+378058009a1d6b1e321617b32b933e28  bbsuid.c
 d64b58a30892c558bdbab7f0d0997577  nologin.c
 4c0f3b486eaa0674961b7ddcd0c60a9b  busybox-1.11.1-bb.patch
 c5a8dbc8696db6da9c4624b0e11d8fba  bb-app-location.patch
 8c42c9ef0f0419c314c86bcaf7796106  loginutils-sha512.patch
 91a7584a562a72ba886936558e576bbd  udhcpc-discover-retries.patch
+2b01339da696625108037303aec419d5  0001-ping-make-ping-work-without-root-privileges.patch
 c45a85f5ced712743efbb683900f8c1d  busybox-1.24.2-CVE-2016-2147.patch
 850a57ca2871e370b4916161a0320a3f  busybox-1.24.2-CVE-2016-2148.patch
 d6f0ecf89f7633753d8998abe7e06e7e  0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
@@ -182,12 +184,13 @@ a4d1cf64fd1835a284ccc6dbc78e3ce0  0001-ash-fix-error-during-recursive-processing
 78724c22bb072eedf42fd17452bfe4d3  busyboxconfig
 befaac2c59c380e36a452b3f1c1d4a3a  glibc.patch"
 sha256sums="e71ef53ec656f31c42633918d301405d40dea1d97eca12f272217ae4a971c855  busybox-1.24.2.tar.bz2
-95875a0f3b7b3d710ee4d4f197e37dc17c8d4a78a71e78786c8474f97eddb4e5  bbsuid.c
+52bd2c7c44779f910eedd2fea73ec0de520add400894cc132276587e25c73e39  bbsuid.c
 9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d  nologin.c
 327bb8049e2726351a5c8b6b2cef864f6ce58725d4453983f97092ea73656ccc  busybox-1.11.1-bb.patch
 576366b4d50f1078da6c0364ef70415de92d97c93c64f4d790b11d7a34cdccd2  bb-app-location.patch
 57674b20158c0b266ed028b0c65299f9cbcad7d33d19c9fcc403d3967daba493  loginutils-sha512.patch
 90825a443339f1c8c249d05f7b025ce53e374d305f8e113d98d45146b105494d  udhcpc-discover-retries.patch
+cbc27953386429b0fa19856b881c6a1e88824ad6a77c21ecd409391d9857d319  0001-ping-make-ping-work-without-root-privileges.patch
 7cedbcfe2744a7efc1d811372932bc8ef610b8bbdfe34d28ba5a0b5d582b885d  busybox-1.24.2-CVE-2016-2147.patch
 0d42e12334ff14616ce9dc22f02f15c8f3df3ef3334c9ef81abd29d21b5ac687  busybox-1.24.2-CVE-2016-2148.patch
 666d0e9c5a4b37aca84d88138736012527d97de578f81b719bf913f558823e18  0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
@@ -208,12 +211,13 @@ f7cbeb5a5a47395ad30454ce8262abcd3e91c33ef803c2ae31a9258d7142dd48  acpid.logrotat
 529499778b833285d1cf821ef45dc1ef74f536fea010a43688e0bbab48c4c3a7  busyboxconfig
 c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0  glibc.patch"
 sha512sums="4d20fb68ee440be2855231c7fd5f3cb9dd9bfcc1a688f0b59cd3f7a55c8819e9cc44bd15f91500713571f2a84e5e44adc0fa8ae0ae3ebf63961dfc9e1c9ef8e0  busybox-1.24.2.tar.bz2
-846cd18a720b638f8b95eaee25e92fc2f2f54ed918be637e8f0761aea480cf988855691ca3d895f12acd013b5bc704b91cda85cf0ce6b68d195fd5d6d1e9a33b  bbsuid.c
+c1dd56509277c59751907a27f067f1622191ddfd498acfe390d83136d36a41f2bdfc2fd4daf35af77219a66fb00fea20483f34112afd5df2ccd9f36ab548e66f  bbsuid.c
 4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2  nologin.c
 eb7cce973bfd53ce3350713437b9e2751becfb8dfb10b14f27c4f812297c403b90f80dc2906179d499e8dffbe6df8aa37ae27625c552162923d59fe35b55b32b  busybox-1.11.1-bb.patch
 5c42b05be69c834c9fd5372c6b0d55a6399c74146a94ea09eae7285dd4fa75d1bde38bf7ab73e98638f65eb72db02115453cbdfe85a0085d742940366f617c7d  bb-app-location.patch
 69af4800fcf765b4ae029daced7ff171b6b04d810c94a987c7ba848e275a27b77b18b38df1b85f4a12c4a47ed42f62e0768260eb1198e2aff1c3cea898b85c61  loginutils-sha512.patch
 34415fe69f6b8d42756046aa8e6d9e4f64a3b0ceb9f57c4c988e35870fe975f05d0ac76f1f9a712196e9c59e67aa2a54abf398242009134fb3aca342c25a3646  udhcpc-discover-retries.patch
+046576b60650a455a6f37272a9edb57d3878eae02d18d01a144286be632faae9ec9ee88f1fd4dfb2a8018c2f8b630bac06eefd2e75f16d22c4b807aa2b256366  0001-ping-make-ping-work-without-root-privileges.patch
 1268f11089ab5bc4d296995ff8216a8f2f6fbb644d20f04502f92fcadd1cafade43eb6e613fe4b9ab7e475e2bcc3b85ae8196d78c4d56a62db2ce0f3564ba644  busybox-1.24.2-CVE-2016-2147.patch
 0ffdfa24d5943a15d924fdd42b5d410c0a215d0cad1753caf6c6aba7d0e5be7a883b561a683a4ac8b906e96b1839f4e6f235501c1467afe50508284f51e42c0c  busybox-1.24.2-CVE-2016-2148.patch
 9c836f85d5bc3b33d459394679a93635658c59fb744e266109f84531d391880926d62d671f8ccef56d3b744f0bcc54a8ad2789931e50dcbc40d5d94158bcc503  0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
diff --git a/main/busybox/bbsuid.c b/main/busybox/bbsuid.c
index f015163e0e..3786312f5c 100644
--- a/main/busybox/bbsuid.c
+++ b/main/busybox/bbsuid.c
@@ -21,8 +21,6 @@
 
 const static char * applets[] = {
 	"/bin/mount",
-	"/bin/ping",
-	"/bin/ping6",
 	"/bin/umount",
 	"/usr/bin/crontab",
 	"/usr/bin/passwd",
@@ -92,7 +90,7 @@ static int install_links(void)
 int main(int argc, char **argv)
 {
 	const char *app = applet_from_path(argv[0]);
-	
+
 	if (strcmp(app, "bbsuid") == 0) {
 		if (argc == 2 && strcmp(argv[1], "--install") == 0)
 			return install_links();
@@ -101,7 +99,7 @@ int main(int argc, char **argv)
 
 	if (is_valid_applet(app))
 		return exec_busybox(app, argc, argv);
-	
+
 	errx(1, "%s is not a valid applet", app);
 	return 1;
 }
author	Natanael Copa <ncopa@alpinelinux.org>	2016-03-29 17:27:09 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2016-03-29 17:27:09 +0000
commit	a3bc85c3cd190580d9a95526a4e89b6cdda0a9e0 (patch)
tree	96a9f0d6e1eecddc68829d3eeb87804586a551c4 /main/busybox
parent	52b8efc514e679e927a690dfb6389097e0a273cd (diff)
download	aports-a3bc85c3cd190580d9a95526a4e89b6cdda0a9e0.tar.bz2 aports-a3bc85c3cd190580d9a95526a4e89b6cdda0a9e0.tar.xz