coredump in tracepath

[jon schatz <jon () divisionbyzero com>]

I found a coredump in tracepath, which is part of the iputils package.
I've tested this on RH 7.1 and 7.2, which both use the same version
(from the iputils-20001110-1 rpm). 

[jon@devotchka jon]$ tracepath -n
Segmentation fault (core dumped)
[jon@devotchka jon]$ which tracepath
/usr/sbin/tracepath
[jon@devotchka jon]$ ls -la /usr/sbin/tracepath
-rwxr-xr-x    1 root     root         7036 Jan 16  2001
/usr/sbin/tracepath
[jon@devotchka jon]$ gdb tracepath core
<snip>
#0  0x400b85e3 in strchr () from /lib/libc.so.6
#1  0xbffff834 in ?? ()
#2  0x40053306 in __libc_start_main (main=0x804903c <herror+2060>,
argc=2, ubp_av=0xbffff834, 
    init=0x8048688, fini=0x804932c <herror+2812>, rtld_fini=0x4000d2dc
<_dl_fini>, 
    stack_end=0xbffff82c) at ../sysdeps/generic/libc-start.c:129

Tracepath isn't setuid root in any distro i could find, so i figured
that there's no harm in releasing this. But according to the manpage:

        "GENERAL NOTE: all these applets, except for tracepath[6] should        be
excecutabel only with  CAP_NET_RAWIO  capability.   To  all     that I
know, they are safe to be used as setuid root."

If you have this installed (and I don't know of a distro that doesn't),
make sure the setuid bit is turned off. I've submitted this to the
author as well as redhat's bugzilla.

-jon

-- 
jon () divisionbyzero com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."

Attachment: _bin
Description: