107 lines
3.1 KiB
Diff
107 lines
3.1 KiB
Diff
|
--- tcpdump-3.9.4/tcpdump.c.ring 2005-08-23 12:29:41.000000000 +0200
|
||
|
+++ tcpdump-3.9.4/tcpdump.c 2005-12-20 13:32:45.000000000 +0100
|
||
|
@@ -109,7 +109,8 @@
|
||
|
static void ndo_default_print(netdissect_options *, const u_char *, u_int);
|
||
|
static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
|
||
|
static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
|
||
|
-static void droproot(const char *, const char *);
|
||
|
+static void droproot(const char *, const char *, int);
|
||
|
+static void setroot(void);
|
||
|
static void ndo_error(netdissect_options *ndo, const char *fmt, ...);
|
||
|
static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);
|
||
|
|
||
|
@@ -295,6 +296,7 @@
|
||
|
char *WFileName;
|
||
|
pcap_t *pd;
|
||
|
pcap_dumper_t *p;
|
||
|
+ char *username;
|
||
|
};
|
||
|
|
||
|
static void
|
||
|
@@ -366,9 +368,10 @@
|
||
|
#ifndef WIN32
|
||
|
/* Drop root privileges and chroot if necessary */
|
||
|
static void
|
||
|
-droproot(const char *username, const char *chroot_dir)
|
||
|
+droproot(const char *username, const char *chroot_dir, int set_uid)
|
||
|
{
|
||
|
struct passwd *pw = NULL;
|
||
|
+ int res;
|
||
|
|
||
|
if (chroot_dir && !username) {
|
||
|
fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
|
||
|
@@ -384,8 +387,11 @@
|
||
|
exit(1);
|
||
|
}
|
||
|
}
|
||
|
- if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
|
||
|
- setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
|
||
|
+ res = (initgroups(pw->pw_name, pw->pw_gid) != 0) ||
|
||
|
+ (set_uid ? (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) :
|
||
|
+ (setegid(pw->pw_gid) != 0 || seteuid(pw->pw_uid) != 0));
|
||
|
+
|
||
|
+ if (res) {
|
||
|
fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
|
||
|
username,
|
||
|
(unsigned long)pw->pw_uid,
|
||
|
@@ -400,6 +406,17 @@
|
||
|
exit(1);
|
||
|
}
|
||
|
}
|
||
|
+
|
||
|
+/* Set root privileges */
|
||
|
+static void
|
||
|
+setroot(void)
|
||
|
+{
|
||
|
+ if (setegid(0) != 0 || seteuid(0) != 0) {
|
||
|
+ fprintf(stderr, "tcpdump: Couldn't change to root uid=0 gid=0: %s\n",
|
||
|
+ pcap_strerror(errno));
|
||
|
+ exit(1);
|
||
|
+ }
|
||
|
+}
|
||
|
#endif /* WIN32 */
|
||
|
|
||
|
static int
|
||
|
@@ -463,6 +480,7 @@
|
||
|
int devnum;
|
||
|
#endif
|
||
|
int status;
|
||
|
+ int set_uid = 1;
|
||
|
#ifdef WIN32
|
||
|
u_int UserBufferSize = 1000000;
|
||
|
if(wsockinit() != 0) return 1;
|
||
|
@@ -972,7 +990,9 @@
|
||
|
dumpinfo.WFileName = WFileName;
|
||
|
dumpinfo.pd = pd;
|
||
|
dumpinfo.p = p;
|
||
|
+ dumpinfo.username = username;
|
||
|
pcap_userdata = (u_char *)&dumpinfo;
|
||
|
+ set_uid = 0;
|
||
|
} else {
|
||
|
callback = dump_packet;
|
||
|
pcap_userdata = (u_char *)p;
|
||
|
@@ -998,7 +1018,7 @@
|
||
|
*/
|
||
|
if (getuid() == 0 || geteuid() == 0) {
|
||
|
if (username || chroot_dir)
|
||
|
- droproot(username, chroot_dir);
|
||
|
+ droproot(username, chroot_dir, set_uid);
|
||
|
}
|
||
|
#endif /* WIN32 */
|
||
|
#ifdef SIGINFO
|
||
|
@@ -1181,7 +1201,14 @@
|
||
|
if (name == NULL)
|
||
|
error("dump_packet_and_trunc: malloc");
|
||
|
MakeFilename(name, dump_info->WFileName, Cflag_count, WflagChars);
|
||
|
+#ifndef WIN32
|
||
|
+ setroot();
|
||
|
+#endif /* WIN32 */
|
||
|
dump_info->p = pcap_dump_open(dump_info->pd, name);
|
||
|
+#ifndef WIN32
|
||
|
+ if (dump_info->username)
|
||
|
+ droproot(dump_info->username, NULL, 0);
|
||
|
+#endif /* WIN32 */
|
||
|
free(name);
|
||
|
if (dump_info->p == NULL)
|
||
|
error("%s", pcap_geterr(pd));
|