Make sure ping doesn't ever run with privileges.

Ping on Android doesn't require any special privileges. Halt and catch fire if we detect we're running with privileges. Change-Id: Ic4cd03ae7767df1a96813a098cfef0cf008a752a
author: Nick Kralevich <nnk@google.com> 2013-03-28 19:26:11 -0700
committer: Nick Kralevich <nnk@google.com> 2013-03-28 19:30:11 -0700
commit: 5dacba1793b581e6b92f713aa3e51de75ff70e50 (patch)
tree: a6f02e737acc9ef318ac1d5a68ca4f2470d9011b
parent: 27ca8cd5cb0891c8a15175b52c5c24253dea5b17 (diff)
download: ping-5dacba1793b581e6b92f713aa3e51de75ff70e50.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/ping.c b/ping.c
index 14bd52a..2b41f44 100644
--- a/ping.c
+++ b/ping.c
@@ -64,6 +64,7 @@ char copyright[] =
 #include <netinet/ip_icmp.h>
 
 #ifdef ANDROID
+#include <sys/auxv.h>
 #define bcmp(a, b, c) memcmp(a, b, c)
 #endif
 
@@ -118,6 +119,13 @@ main(int argc, char **argv)
 	char *target, hnamebuf[MAXHOSTNAMELEN];
 	char rspace[3 + 4 * NROUTES + 1];	/* record route space */
 
+#ifdef ANDROID
+	if (getauxval(AT_SECURE) != 0) {
+		fprintf(stderr, "This version of ping should NOT run with privileges. Aborting\n");
+		exit(1);
+	}
+#endif
+
 	icmp_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
 	if (icmp_sock != -1)
 		using_ping_socket = 1;
@@ -126,7 +134,9 @@ main(int argc, char **argv)
 	socket_errno = errno;
 
 	uid = getuid();
+#ifndef ANDROID
 	setuid(uid);
+#endif
 
 	source.sin_family = AF_INET;
author	Nick Kralevich <nnk@google.com>	2013-03-28 19:26:11 -0700
committer	Nick Kralevich <nnk@google.com>	2013-03-28 19:30:11 -0700
commit	5dacba1793b581e6b92f713aa3e51de75ff70e50 (patch)
tree	a6f02e737acc9ef318ac1d5a68ca4f2470d9011b
parent	27ca8cd5cb0891c8a15175b52c5c24253dea5b17 (diff)
download	ping-5dacba1793b581e6b92f713aa3e51de75ff70e50.tar.gz