From: Alan T. DeKok <aland@freeradius.org>
Date: Sat, 7 Feb 2026 16:09:32 +0000 (-0500)
Subject: ARP should do SUID up/down around binding
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=57f15e19d88c17e49b934febb602e80dd7fac35b;p=thirdparty%2Ffreeradius-server.git

ARP should do SUID up/down around binding
---

diff --git a/src/listen/arp/proto_arp_ethernet.c b/src/listen/arp/proto_arp_ethernet.c
index b3c971591bf..d19a6ce65eb 100644
--- a/src/listen/arp/proto_arp_ethernet.c
+++ b/src/listen/arp/proto_arp_ethernet.c
@@ -24,6 +24,7 @@
  */
 #include <netdb.h>
 #include <freeradius-devel/server/protocol.h>
+#include <freeradius-devel/server/util.h>
 #include <freeradius-devel/util/trie.h>
 #include <freeradius-devel/io/application.h>
 #include <freeradius-devel/io/listen.h>
@@ -172,6 +173,7 @@ static int mod_open(fr_listen_t *li)
 
 	char const			*filter;
 	char				*our_filter = NULL;
+	int				rcode;
 
 	thread->pcap = fr_pcap_init(thread, inst->interface, PCAP_INTERFACE_IN);
 	if (!thread->pcap) {
@@ -179,7 +181,10 @@ static int mod_open(fr_listen_t *li)
 		return -1;
 	}
 
-	if (fr_pcap_open(thread->pcap) < 0) {
+	rad_suid_up();
+	rcode = fr_pcap_open(thread->pcap);
+	rad_suid_down();
+	if (rcode < 0) {
 		cf_log_err(li->cs, "Failed opening interface %s - %s", inst->interface, fr_strerror());
 		return -1;
 	}