From 5dacba1793b581e6b92f713aa3e51de75ff70e50 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 28 Mar 2013 19:26:11 -0700
Subject: Make sure ping doesn't ever run with privileges.

Ping on Android doesn't require any special privileges. Halt and
catch fire if we detect we're running with privileges.

Change-Id: Ic4cd03ae7767df1a96813a098cfef0cf008a752a
---
 ping.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ping.c b/ping.c
index 14bd52a..2b41f44 100644
--- a/ping.c
+++ b/ping.c
@@ -64,6 +64,7 @@ char copyright[] =
 #include <netinet/ip_icmp.h>
 
 #ifdef ANDROID
+#include <sys/auxv.h>
 #define bcmp(a, b, c) memcmp(a, b, c)
 #endif
 
@@ -118,6 +119,13 @@ main(int argc, char **argv)
 	char *target, hnamebuf[MAXHOSTNAMELEN];
 	char rspace[3 + 4 * NROUTES + 1];	/* record route space */
 
+#ifdef ANDROID
+	if (getauxval(AT_SECURE) != 0) {
+		fprintf(stderr, "This version of ping should NOT run with privileges. Aborting\n");
+		exit(1);
+	}
+#endif
+
 	icmp_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
 	if (icmp_sock != -1)
 		using_ping_socket = 1;
@@ -126,7 +134,9 @@ main(int argc, char **argv)
 	socket_errno = errno;
 
 	uid = getuid();
+#ifndef ANDROID
 	setuid(uid);
+#endif
 
 	source.sin_family = AF_INET;
 
-- 
cgit v1.2.3