From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 5 Jan 2021 16:01:56 +0000 (+0000)
Subject: Drop launch-ether-wake
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9f9f16366d6a8332d5fd8e864d1a9c552db1387;p=people%2Fms%2Fipfire-2.x.git

Drop launch-ether-wake

The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).

Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index a335dba7ab..d6594b3f8d 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -13,7 +13,6 @@ usr/local/bin/getipstat
 #usr/local/bin/iowrap
 usr/local/bin/ipfirereboot
 usr/local/bin/ipsecctrl
-usr/local/bin/launch-ether-wake
 usr/local/bin/logwatch
 #usr/local/bin/mpfirectrl
 usr/local/bin/openvpnctrl
diff --git a/config/rootfiles/core/154/filelists/etherwake b/config/rootfiles/core/154/filelists/etherwake
new file mode 120000
index 0000000000..1bf1e6a545
--- /dev/null
+++ b/config/rootfiles/core/154/filelists/etherwake
@@ -0,0 +1 @@
+../../../common/etherwake
\ No newline at end of file
diff --git a/config/rootfiles/core/154/filelists/files b/config/rootfiles/core/154/filelists/files
index b4ab417907..4f8d4e92b3 100644
--- a/config/rootfiles/core/154/filelists/files
+++ b/config/rootfiles/core/154/filelists/files
@@ -19,6 +19,7 @@ srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/remote.cgi
 srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 usr/local/bin/ipsec-interfaces
 usr/local/bin/sshctrl
diff --git a/config/rootfiles/core/154/update.sh b/config/rootfiles/core/154/update.sh
index a1523f742b..7b73bbd47c 100644
--- a/config/rootfiles/core/154/update.sh
+++ b/config/rootfiles/core/154/update.sh
@@ -33,6 +33,7 @@ done
 
 # Remove files
 rm -vf \
+	/usr/local/bin/launch-ether-wake \
 	/usr/local/bin/upnpctrl
 
 # Stop services
diff --git a/html/cgi-bin/wakeonlan.cgi b/html/cgi-bin/wakeonlan.cgi
index bb55add70f..1f7fde54a6 100644
--- a/html/cgi-bin/wakeonlan.cgi
+++ b/html/cgi-bin/wakeonlan.cgi
@@ -171,7 +171,7 @@ if ( $cgiparams{'ACTION'} eq 'wakeup' )
 
   undef %cgiparams;
 
-  system("/usr/local/bin/launch-ether-wake $mac $iface");
+  system("/usr/sbin/etherwake -i $iface $mac");
 
   # make a box with info, 'refresh' to normal screen after 5 seconds
   if ( $refresh eq 'yes' )
diff --git a/lfs/etherwake b/lfs/etherwake
index c133ed12ab..3aa961ce2b 100644
--- a/lfs/etherwake
+++ b/lfs/etherwake
@@ -72,5 +72,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP) && make install
+
+	# Allow execution by other users than root
+	setcap cap_net_raw+ep /usr/sbin/etherwake
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 896b1e9162..7c3ef75295 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -27,7 +27,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
 	ipsecctrl timectrl dhcpctrl suricatactrl \
 	rebuildhosts backupctrl collectdctrl \
 	logwatch wioscan wiohelper openvpnctrl firewallctrl \
-	wirelessctrl getipstat qosctrl launch-ether-wake \
+	wirelessctrl getipstat qosctrl \
 	redctrl syslogdctrl extrahdctrl sambactrl \
 	smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
 	setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
diff --git a/src/misc-progs/launch-ether-wake.c b/src/misc-progs/launch-ether-wake.c
deleted file mode 100644
index cac4d3c3fe..0000000000
--- a/src/misc-progs/launch-ether-wake.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/* This file is part of the Wake-on-LAN GUI AddOn
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence.  See the file COPYING for details.
- *
- * Copyright (C) 2006-03-03 weizen_42
- *
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include "setuid.h"
-
-
-#define BUFFER_SIZE 512
-
-char command[BUFFER_SIZE];
-
-int main(int argc, char *argv[])
-{
-	if (!(initsetuid()))
-		exit(1);
-
-  snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s %s", argv[2], argv[1]);
-  safe_system(command);
-
-  /* Send magic packet with broadcast flag set. */
-  snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]);
-  safe_system(command);
-
-  return(0);
-}