* software for any purpose. It is provided "as is" without express or
* implied warranty.
*
- * $Revision: 1.37 $
+ * $Revision: 1.39 $
*
* Version 1.0 April 27, 1998.
* - Initial version
hent = gethostbyname (target->name);
if (!hent)
{
- fprintf (stderr, "%s: could not resolve host: %s\n",
- progname, target->name);
+ if (debug_p)
+ fprintf (stderr, "%s: could not resolve host: %s\n",
+ progname, target->name);
return 0;
}
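Review bot: With the message now behind `debug_p`, a host that fails to resolve is dropped with no trace in a normal run, and the bare `return 0` gives the caller nothing to tell a mistyped name from a transient resolver failure. If the silence is intended, say so in a comment above the check, e.g. `/* Resolution failures are reported only in debug mode; the host is skipped. */`. The debug message could also carry the resolver's reason by adding `hstrerror (h_errno)` to the format arguments. The enclosing function starts and ends outside this hunk.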
struct sockaddr_in *iaddr = (struct sockaddr_in *) &(target->address);
unsigned long ip = iaddr->sin_addr.s_addr;
- if ((ntohl (ip) & 0xFFFFFF00L) == 0x7f000000L) /* 127.0.0 */
+ if ((ntohl (ip) & 0xFFFFFF00L) == 0x7f000000L) /* 127.0.0.x */
{
if (debug_p)
fprintf (stderr, "%s: ignoring loopback host %s\n",
}
}
+ /* Don't ever use broadcast (255.x.x.x) hosts */
+ {
+ struct sockaddr_in *iaddr = (struct sockaddr_in *) &(target->address);
+ unsigned long ip = iaddr->sin_addr.s_addr;
+ if ((ntohl (ip) & 0xFF000000L) == 0xFF000000L) /* 255.x.x.x */
+ {
+ if (debug_p)
+ fprintf (stderr, "%s: ignoring broadcast host %s\n",
+ progname, target->name);
+ goto target_init_error;
+ }
+ }
+
/* Done */
if (debug_p)
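Review bot: The mask `0xFF000000L` in the new block rejects only 255.0.0.0/8, so subnet-directed broadcast addresses (host part all ones inside a local network) and the multicast range 224.0.0.0/4 still pass this filter and would be pinged. Directed broadcast cannot be recognised without the interface netmask, so the comment should at least state that only 255.x.x.x is filtered. Multicast could be rejected in the same place with `(ntohl (ip) & 0xF0000000L) == 0xE0000000L`. The block also repeats the cast-and-mask pattern of the loopback check just above it, so a small static helper taking the mask and expected value would keep the two in step. The enclosing function begins outside the hunk.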
goto ping_init_error;
}
- /* Create the ICMP socket */
+ /* Create the ICMP socket. Do this before dropping privs.
- if ((pi->icmpsock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) >= 0) {
+ Raw sockets can only be opened by root (or setuid root), so we
+ only try to do this when the effective uid is 0.
+
+ We used to just always try, and notice the failure. But apparently
+ that causes "SELinux" to log spurious warnings when running with the
+ "strict" policy. So to avoid that, we just don't try unless we
+ know it will work.
+ */
+ if (geteuid() == 0 &&
+ (pi->icmpsock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) >= 0) {
socket_initted_p = True;
}
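Review bot: When `geteuid()` is not 0 the short-circuit means `pi->icmpsock` is never assigned, whereas the old code always stored socket()'s return value (-1 on failure). How `pi` is allocated is not visible in this hunk; if it is zero-filled the field stays 0, which is a valid descriptor, so any later test of `pi->icmpsock >= 0` or a close on the `ping_init_error` path would act on fd 0. Setting `pi->icmpsock = -1;` before the `if` removes that dependency. Separately, effective uid 0 is only a proxy for the right to open a raw socket: on Linux a binary granted CAP_NET_RAW through file capabilities would now skip a socket it could have opened, which deserves a sentence in the new comment.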
sensor = 0;
# ifdef HAVE_PING
- sensor_info = (void *) init_ping();
+ /* init_ping() will fail if not root, so checking the effective uid
+ isn't necessary -- except that on some systems, it makes some
+ SELinux bullshit show up in syslog, which gets people's panties
+ in a bunch. */
+ if (geteuid () == 0)
+ sensor_info = (void *) init_ping();
+ else
+ sensor_info = 0;
# else /* !HAVE_PING */
sensor_info = 0;
parse_mode (0); /* just to check argument syntax */
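Review bot: The added comment vents instead of stating the reason, and the same `geteuid () == 0` test now appears both at this call site and, apparently, in the ping initialisation code in the previous hunk, so the two conditions can drift apart. A neutral comment would serve the next maintainer better, e.g. `/* init_ping() fails cleanly when not root; skip the call anyway so that SELinux strict policy does not log the refused raw-socket attempt. */`. Keeping the privilege test in one place (inside init_ping() only) would leave this site as the original single assignment. The `# ifdef HAVE_PING` block continues past the end of this hunk.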