Drop launch-ether-wake

The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).

Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/common/misc-progs

@@ -13,7 +13,6 @@ usr/local/bin/getipstat
 #usr/local/bin/iowrap
 usr/local/bin/ipfirereboot
 usr/local/bin/ipsecctrl
-usr/local/bin/launch-ether-wake
 usr/local/bin/logwatch
 #usr/local/bin/mpfirectrl
 usr/local/bin/openvpnctrl

config/rootfiles/core/154/filelists/etherwake

@@ -0,0 +1 @@
+../../../common/etherwake

config/rootfiles/core/154/filelists/files

@@ -19,6 +19,7 @@ srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/remote.cgi
 srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 usr/local/bin/ipsec-interfaces
 usr/local/bin/sshctrl

config/rootfiles/core/154/update.sh

@@ -33,6 +33,7 @@ done
 
 # Remove files
 rm -vf \
+	/usr/local/bin/launch-ether-wake \
 	/usr/local/bin/upnpctrl
 
 # Stop services

html/cgi-bin/wakeonlan.cgi

@@ -171,7 +171,7 @@ if ( $cgiparams{'ACTION'} eq 'wakeup' )
 
   undef %cgiparams;
 
-  system("/usr/local/bin/launch-ether-wake $mac $iface");
+  system("/usr/sbin/etherwake -i $iface $mac");
 
   # make a box with info, 'refresh' to normal screen after 5 seconds
   if ( $refresh eq 'yes' )

lfs/etherwake

@@ -72,5 +72,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP) && make install
+
+	# Allow execution by other users than root
+	setcap cap_net_raw+ep /usr/sbin/etherwake
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

src/misc-progs/Makefile

@@ -27,7 +27,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
 	ipsecctrl timectrl dhcpctrl suricatactrl \
 	rebuildhosts backupctrl collectdctrl \
 	logwatch wioscan wiohelper openvpnctrl firewallctrl \
-	wirelessctrl getipstat qosctrl launch-ether-wake \
+	wirelessctrl getipstat qosctrl \
 	redctrl syslogdctrl extrahdctrl sambactrl \
 	smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
 	setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \

src/misc-progs/launch-ether-wake.c

@@ -1,37 +0,0 @@
-/* This file is part of the Wake-on-LAN GUI AddOn
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence.  See the file COPYING for details.
- *
- * Copyright (C) 2006-03-03 weizen_42
- *
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include "setuid.h"
-
-
-#define BUFFER_SIZE 512
-
-char command[BUFFER_SIZE];
-
-int main(int argc, char *argv[])
-{
-	if (!(initsetuid()))
-		exit(1);
-
-  snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s %s", argv[2], argv[1]);
-  safe_system(command);
-
-  /* Send magic packet with broadcast flag set. */
-  snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]);
-  safe_system(command);
-
-  return(0);
-}