tcp ddos: add tcpddosctrl for safe execution

add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.

permission of tcpddosctrl

chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl

result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>

config/rootfiles/common/misc-progs

@@ -29,6 +29,7 @@ usr/local/bin/suricatactrl
 usr/local/bin/sshctrl
 usr/local/bin/syslogdctrl
 usr/local/bin/timectrl
+usr/local/bin/tcpddosctrl
 #usr/local/bin/torctrl
 usr/local/bin/unboundctrl
 usr/local/bin/updxlratorctrl

src/misc-progs/Makefile

@@ -32,7 +32,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
 	smartctrl clamavctrl addonctrl pakfire wlanapctrl \
 	setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
 	getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \
-	captivectrl
+	captivectrl tcpddosctrl
 
 OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS))
 

src/misc-progs/tcpddosctrl.c

@@ -0,0 +1,38 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+
+	if (!(initsetuid()))
+		exit(1);
+
+	if (argc < 2) {
+		fprintf(stderr, "\nNo argument given.\n\ntcpddosctrl (start|stop|restart)\n\n");
+		exit(1);
+	}
+
+	if (strcmp(argv[1], "start") == 0) {
+		safe_system("/etc/rc.d/init.d/tcp-ddos start");
+	} else if (strcmp(argv[1], "stop") == 0) {
+		safe_system("/etc/rc.d/init.d/tcp-ddos stop");
+	} else if (strcmp(argv[1], "restart") == 0) {
+		safe_system("/etc/rc.d/init.d/tcp-ddos restart");
+	} else {
+		fprintf(stderr, "\nBad argument given.\n\ntcpddosctrl (start|stop|restart)\n\n");
+		exit(1);
+	}
+
+	return 0;
+}