From 5226f105f087c29d3cfad9f28000e7536af91ac6 Mon Sep 17 00:00:00 2001
From: "R.E. Wolff"
Date: Sun, 29 Jun 2025 14:06:00 +0200
Subject: [PATCH] Added protection against use of MTR_PACKET under special circumstances
---
 ui/cmdpipe.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/ui/cmdpipe.c b/ui/cmdpipe.c
index 81acb9c..bd5606a 100644
--- a/ui/cmdpipe.c
+++ b/ui/cmdpipe.c
@@ -220,10 +220,17 @@ void execute_packet_child(
 the path to the mtr-packet executable. This is necessary
 for debugging changes for mtr-packet.
 */
- char *mtr_packet_path = getenv("MTR_PACKET");
- if (mtr_packet_path == NULL) {
+ char * mtr_packet_path = NULL;
+
+ // In the rare case that mtr-packet is not setuid-root,
+ // and a select group of users has sudo privileges to run
+ // mtr and not much else, THEN create /etc/mtr.is.run.under.sudo
+ // to prevent a privilege escalation when one of those accounts
+ // is compromised. CVE-2025-49809
+ if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)
+ mtr_packet_path = getenv("MTR_PACKET");
+ if (mtr_packet_path == NULL)
 mtr_packet_path = "mtr-packet";
- }

 /*
 First, try to execute mtr-packet from PATH
--
2.47.3
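Review bot: The new guard `if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)` fails open: any access() failure, not only a missing marker file, still lets `MTR_PACKET` choose the binary, and the protection is inactive until an administrator creates the file. Honouring the variable only when the marker is known to be absent would be tighter, e.g. `if (access("/etc/mtr.is.run.under.sudo", F_OK) == -1 && errno == ENOENT)` (needs `<errno.h>` if the file does not already include it). With the marker present the path falls back to `"mtr-packet"`, which the trailing context comment says is looked up via PATH, so the sudo setup presumably still has to pin PATH; the exec call and the rest of execute_packet_child are outside this hunk. The block comment above the change still describes MTR_PACKET as an unconditional override and could mention the marker file.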