Drop launch-ether-wake

The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).

Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index a335dba7ab1b6dda16e5b27605f5742d92f42a44..d6594b3f8da1d1fb4dd7978dc71cac678289cb59 100644 (file)
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -13,7 +13,6 @@ usr/local/bin/getipstat
 #usr/local/bin/iowrap
 usr/local/bin/ipfirereboot
 usr/local/bin/ipsecctrl
-usr/local/bin/launch-ether-wake
 usr/local/bin/logwatch
 #usr/local/bin/mpfirectrl
 usr/local/bin/openvpnctrl

diff --git a/config/rootfiles/core/154/filelists/etherwake b/config/rootfiles/core/154/filelists/etherwake
new file mode 120000 (symlink)
index 0000000..1bf1e6a
--- /dev/null
+++ b/config/rootfiles/core/154/filelists/etherwake
@@ -0,0 +1 @@
+../../../common/etherwake
\ No newline at end of file

diff --git a/config/rootfiles/core/154/filelists/files b/config/rootfiles/core/154/filelists/files
index b4ab4179079bb8010542f644a124ae9655a90e37..4f8d4e92b3f7a8f2234c4da3049f8142929d76b4 100644 (file)
--- a/config/rootfiles/core/154/filelists/files
+++ b/config/rootfiles/core/154/filelists/files
@@ -19,6 +19,7 @@ srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/remote.cgi
 srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 usr/local/bin/ipsec-interfaces
 usr/local/bin/sshctrl

diff --git a/config/rootfiles/core/154/update.sh b/config/rootfiles/core/154/update.sh
index a1523f742bab58359a4d0b235472f7cfc0a6a34a..7b73bbd47c0c799bcec0c05be9bc69d2a4f718d0 100644 (file)
--- a/config/rootfiles/core/154/update.sh
+++ b/config/rootfiles/core/154/update.sh
@@ -33,6 +33,7 @@ done
 
 # Remove files
 rm -vf \
+       /usr/local/bin/launch-ether-wake \
        /usr/local/bin/upnpctrl
 
 # Stop services

diff --git a/html/cgi-bin/wakeonlan.cgi b/html/cgi-bin/wakeonlan.cgi
index bb55add70f640e2ce390229db9559393bbd24878..1f7fde54a6e6681bb6247ea1553ad11e9906d60d 100644 (file)
--- a/html/cgi-bin/wakeonlan.cgi
+++ b/html/cgi-bin/wakeonlan.cgi
@@ -171,7 +171,7 @@ if ( $cgiparams{'ACTION'} eq 'wakeup' )
 
   undef %cgiparams;
 
-  system("/usr/local/bin/launch-ether-wake $mac $iface");
+  system("/usr/sbin/etherwake -i $iface $mac");
 
   # make a box with info, 'refresh' to normal screen after 5 seconds
   if ( $refresh eq 'yes' )

diff --git a/lfs/etherwake b/lfs/etherwake
index c133ed12abc5283b63a9df0e58215f3f0f8fd101..3aa961ce2b2c082b12471f93009316e298e0dc48 100644 (file)
--- a/lfs/etherwake
+++ b/lfs/etherwake
@@ -72,5 +72,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
        cd $(DIR_APP) && make install
+
+       # Allow execution by other users than root
+       setcap cap_net_raw+ep /usr/sbin/etherwake
+
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 896b1e916258c1e5b1cc3fe048025ee15b02756d..7c3ef752950c3adbb0bcc5f3e2fb3fd15485745b 100644 (file)
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -27,7 +27,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
        ipsecctrl timectrl dhcpctrl suricatactrl \
        rebuildhosts backupctrl collectdctrl \
        logwatch wioscan wiohelper openvpnctrl firewallctrl \
-       wirelessctrl getipstat qosctrl launch-ether-wake \
+       wirelessctrl getipstat qosctrl \
        redctrl syslogdctrl extrahdctrl sambactrl \
        smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
        setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \

diff --git a/src/misc-progs/launch-ether-wake.c b/src/misc-progs/launch-ether-wake.c
deleted file mode 100644 (file)
index cac4d3c..0000000
--- a/src/misc-progs/launch-ether-wake.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/* This file is part of the Wake-on-LAN GUI AddOn
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence.  See the file COPYING for details.
- *
- * Copyright (C) 2006-03-03 weizen_42
- *
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include "setuid.h"
-
-
-#define BUFFER_SIZE 512
-
-char command[BUFFER_SIZE];
-
-int main(int argc, char *argv[])
-{
-       if (!(initsetuid()))
-               exit(1);
-
-  snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s %s", argv[2], argv[1]);
-  safe_system(command);
-
-  /* Send magic packet with broadcast flag set. */
-  snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]);
-  safe_system(command);
-
-  return(0);
-}