ARP should do SUID up/down around binding

author Alan T. DeKok <aland@freeradius.org>

Sat, 7 Feb 2026 16:09:32 +0000 (11:09 -0500)

committer Alan T. DeKok <aland@freeradius.org>

Sat, 7 Feb 2026 16:45:46 +0000 (11:45 -0500)
author Alan T. DeKok <aland@freeradius.org>
Sat, 7 Feb 2026 16:09:32 +0000 (11:09 -0500)
committer Alan T. DeKok <aland@freeradius.org>
Sat, 7 Feb 2026 16:45:46 +0000 (11:45 -0500)
diff --git a/src/listen/arp/proto_arp_ethernet.c b/src/listen/arp/proto_arp_ethernet.c

index b3c971591bf7ab8267add4d0ce2d4c34542fe37d..d19a6ce65eb9da19519d6a6726cddd93103b35a7 100644 (file)
--- a/src/listen/arp/proto_arp_ethernet.c
+++ b/src/listen/arp/proto_arp_ethernet.c
@@ -24,6 +24,7 @@
   */
  #include <netdb.h>
  #include <freeradius-devel/server/protocol.h>
+#include <freeradius-devel/server/util.h>
  #include <freeradius-devel/util/trie.h>
  #include <freeradius-devel/io/application.h>
  #include <freeradius-devel/io/listen.h>
@@ -172,6 +173,7 @@ static int mod_open(fr_listen_t *li)
  
         char const                      *filter;
         char                            *our_filter = NULL;
+       int                             rcode;
  
         thread->pcap = fr_pcap_init(thread, inst->interface, PCAP_INTERFACE_IN);
         if (!thread->pcap) {
@@ -179,7 +181,10 @@ static int mod_open(fr_listen_t *li)
                 return -1;
         }
  
-       if (fr_pcap_open(thread->pcap) < 0) {
+       rad_suid_up();
+       rcode = fr_pcap_open(thread->pcap);
+       rad_suid_down();
+       if (rcode < 0) {
                 cf_log_err(li->cs, "Failed opening interface %s - %s", inst->interface, fr_strerror());
                 return -1;
         }
author	Alan T. DeKok <aland@freeradius.org>
	Sat, 7 Feb 2026 16:09:32 +0000 (11:09 -0500)
committer	Alan T. DeKok <aland@freeradius.org>
	Sat, 7 Feb 2026 16:45:46 +0000 (11:45 -0500)