tcpdump/tcpdump-4.0.0-droproot.patch

--- tcpdump-3.9.7/tcpdump.c.droproot	2006-09-19 21:07:57.000000000 +0200
+++ tcpdump-3.9.7/tcpdump.c	2007-07-24 16:15:54.000000000 +0200
@@ -958,6 +958,11 @@ main(int argc, char **argv)
 		(void)setsignal(SIGHUP, oldhandler);
 #endif /* WIN32 */
 
+	if (Cflag != 0 && (getuid() == 0 || geteuid() == 0)) {
+		if (username || chroot_dir)
+			droproot(username, chroot_dir);
+	}
+
 	if (pcap_setfilter(pd, &fcode) < 0)
 		error("%s", pcap_geterr(pd));
 	if (WFileName) {
@@ -999,7 +1004,7 @@ main(int argc, char **argv)
 	 * We cannot do this earlier, because we want to be able to open
 	 * the file (if done) for writing before giving up permissions.
 	 */
-	if (getuid() == 0 || geteuid() == 0) {
+	if (Cflag == 0 && (getuid() == 0 || geteuid() == 0)) {
 		if (username || chroot_dir)
 			droproot(username, chroot_dir);
 	}
--- tcpdump-3.9.7/tcpdump.1.in.droproot	2007-07-24 16:15:54.000000000 +0200
+++ tcpdump-3.9.7/tcpdump.1.in	2007-07-24 16:15:54.000000000 +0200
@@ -264,6 +264,9 @@ have the name specified with the
 flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
 not 1,048,576 bytes).
+
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
+are dropped before opening first savefile.
 .TP
 .B \-d
 Dump the compiled packet-matching code in a human readable form to
@@ -592,7 +595,9 @@ Drops privileges (if root) and changes u
 and the group ID to the primary group of
 .IR user .
 .IP
-This behavior can also be enabled by default at compile time.
+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
+be disabled by \fB\-Z root\fR.
+
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.
- update to 3.9.7 - with -C option, drop root privileges before opening first savefile (#244860) - update tcpslice to 1.2a3 - include time patch from Debian to fix tcpslice on 64-bit architectures 2007-07-24 16:09:10 +00:00			`--- tcpdump-3.9.7/tcpdump.c.droproot 2006-09-19 21:07:57.000000000 +0200`
			`+++ tcpdump-3.9.7/tcpdump.c 2007-07-24 16:15:54.000000000 +0200`
			`@@ -958,6 +958,11 @@ main(int argc, char **argv)`
			`(void)setsignal(SIGHUP, oldhandler);`
			`#endif /* WIN32 */`

			`+ if (Cflag != 0 && (getuid() == 0 \|\| geteuid() == 0)) {`
			`+ if (username \|\| chroot_dir)`
			`+ droproot(username, chroot_dir);`
			`+ }`
			`+`
			`if (pcap_setfilter(pd, &fcode) < 0)`
			`error("%s", pcap_geterr(pd));`
			`if (WFileName) {`
			`@@ -999,7 +1004,7 @@ main(int argc, char **argv)`
			`* We cannot do this earlier, because we want to be able to open`
			`* the file (if done) for writing before giving up permissions.`
			`*/`
			`- if (getuid() == 0 \|\| geteuid() == 0) {`
			`+ if (Cflag == 0 && (getuid() == 0 \|\| geteuid() == 0)) {`
			`if (username \|\| chroot_dir)`
			`droproot(username, chroot_dir);`
			`}`
- update to post 4.0.0 git snapshot 20090818git832d2c - print retrans and reachable times in ICMPv6 as milliseconds (#474264) 2009-08-20 15:11:12 +00:00			`--- tcpdump-3.9.7/tcpdump.1.in.droproot 2007-07-24 16:15:54.000000000 +0200`
			`+++ tcpdump-3.9.7/tcpdump.1.in 2007-07-24 16:15:54.000000000 +0200`
- update to 3.9.7 - with -C option, drop root privileges before opening first savefile (#244860) - update tcpslice to 1.2a3 - include time patch from Debian to fix tcpslice on 64-bit architectures 2007-07-24 16:09:10 +00:00			`@@ -264,6 +264,9 @@ have the name specified with the`
			`flag, with a number after it, starting at 1 and continuing upward.`
			`The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,`
			`not 1,048,576 bytes).`
			`+`
			`+Note that when used with \fB\-Z\fR option (enabled by default), privileges`
			`+are dropped before opening first savefile.`
			`.TP`
			`.B \-d`
			`Dump the compiled packet-matching code in a human readable form to`
			`@@ -592,7 +595,9 @@ Drops privileges (if root) and changes u`
			`and the group ID to the primary group of`
			`.IR user .`
			`.IP`
			`-This behavior can also be enabled by default at compile time.`
- update to 3.9.8 - don't use gethostbyaddr - fix default user in man page 2007-10-24 16:39:02 +00:00			`+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can`
- update to 3.9.7 - with -C option, drop root privileges before opening first savefile (#244860) - update tcpslice to 1.2a3 - include time patch from Debian to fix tcpslice on 64-bit architectures 2007-07-24 16:09:10 +00:00			`+be disabled by \fB\-Z root\fR.`
			`+`
			`.IP "\fI expression\fP"`
			`.RS`
			`selects which packets will be dumped.`