From 93534968645f55e76486a603ce857b4f695bede1 Mon Sep 17 00:00:00 2001 From: Vincent Li Date: Tue, 19 Mar 2024 16:44:14 +0000 Subject: [PATCH] Add ddosctrl program for safe execution add ddosctrl to start/stop/status XDP program from ddos.cgi safely. permission of ddosctrl chown root.nobody /usr/local/bin/ddosctrl chmod u+s /usr/local/bin/ddosctrl result: -rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl Signed-off-by: Vincent Li --- config/rootfiles/common/misc-progs | 1 + src/misc-progs/Makefile | 2 +- src/misc-progs/ddosctrl.c | 40 ++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 src/misc-progs/ddosctrl.c diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index d6594b3f8..1c89f6ba5 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -38,3 +38,4 @@ usr/local/bin/urlfilterctrl usr/local/bin/wirelessclient usr/local/bin/wirelessctrl #usr/local/bin/wlanapctrl +usr/local/bin/ddosctrl diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 7c3ef7529..43c11acf0 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -32,7 +32,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \ - captivectrl + captivectrl ddosctrl OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS)) diff --git a/src/misc-progs/ddosctrl.c b/src/misc-progs/ddosctrl.c new file mode 100644 index 000000000..4bc0508d8 --- /dev/null +++ b/src/misc-progs/ddosctrl.c 
@@ -0,0 +1,40 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+
+ if (!(initsetuid()))
+ exit(1);
+
+ if (argc < 2) {
+ fprintf(stderr, "\nNo argument given.\n\nddosctrl (start|stop|restart)\n\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "start") == 0) {
+ safe_system("/etc/rc.d/init.d/ddos start");
+ } else if (strcmp(argv[1], "stop") == 0) {
+ safe_system("/etc/rc.d/init.d/ddos stop");
+ } else if (strcmp(argv[1], "restart") == 0) {
+ safe_system("/etc/rc.d/init.d/ddos restart");
+ } else if (strcmp(argv[1], "status") == 0) {
+ safe_system("/etc/rc.d/init.d/ddos status");
+ } else {
+ fprintf(stderr, "\nBad argument given.\n\nddosctrl (start|stop|restart|status)\n\n");
+ exit(1);
+ }
+
+ return 0;
+}
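Review bot: The result of every `safe_system()` call in `main` is discarded and the program ends with `return 0;`, so ddos.cgi cannot tell a failed `start` or a non-running `status` from success. Assuming `safe_system()` returns the command's status as an int (setuid.h is not part of this hunk), keep it and hand it back: `int r = 0;` before the chain, `r = safe_system("/etc/rc.d/init.d/ddos status");` in each branch, and `return r;` at the end. The usage text printed when `argc < 2` lists only `(start|stop|restart)` while the bad-argument text also lists `status`; the two should match. A short comment above the chain such as `/* argv[1] is only compared against literals; never pass it to safe_system() */` would record the property that makes this setuid wrapper safe to call from the CGI.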