From: R.E. Wolff
Date: Sun, 29 Jun 2025 12:06:00 +0000 (+0200)
Subject: Added protection against use of MTR_PACKET under special circumstances
X-Git-Tag: v0.96~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5226f105f087c29d3cfad9f28000e7536af91ac6;p=thirdparty%2Fmtr.git
Added protection against use of MTR_PACKET under special circumstances
---
diff --git a/ui/cmdpipe.c b/ui/cmdpipe.c
index 81acb9c..bd5606a 100644
--- a/ui/cmdpipe.c
+++ b/ui/cmdpipe.c
@@ -220,10 +220,17 @@ void execute_packet_child(
 the path to the mtr-packet executable. This is necessary for debugging changes for mtr-packet. */
- char *mtr_packet_path = getenv("MTR_PACKET");
- if (mtr_packet_path == NULL) {
+ char * mtr_packet_path = NULL;
+
+ // In the rare case that mtr-packet is not setuid-root,
+ // and a select group of users has sudo privileges to run
+ // mtr and not much else, THEN create /etc/mtr.is.run.under.sudo
+ // to prevent a privilege escalation when one of those accounts
+ // is compromised. CVE-2025-49809
+ if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)
+ mtr_packet_path = getenv("MTR_PACKET");
+ if (mtr_packet_path == NULL)
 mtr_packet_path = "mtr-packet";
- }
 /* First, try to execute mtr-packet from PATH
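Review bot: The new guard in execute_packet_child fails open: `access ("/etc/mtr.is.run.under.sudo", F_OK) != 0` is true for any access() failure, not only for a missing file, so an error such as EACCES or EIO on the marker still lets MTR_PACKET choose the executable. I would honor the variable only when the marker is positively absent, `if (access("/etc/mtr.is.run.under.sudo", F_OK) != 0 && errno == ENOENT)`, which needs `<errno.h>` if the file does not already include it (the include list is outside the hunk). The protection is also opt-in, so an installation that never creates the marker behaves exactly as before; the comment should state that default plainly, and as far as this diff shows the marker is documented nowhere else, so the man page or install notes should carry the same instruction. Both new `if` statements dropped the braces the removed code had; keeping `{ }` on each would stop a later edit from silently landing outside the condition that gates a privilege-relevant path. The function body begins and ends outside this hunk.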