tcpdump/0003-Drop-root-priviledges-before-opening-first-savefile-.patch

105 lines
3.4 KiB
Diff
Raw Normal View History

2017-02-03 09:01:52 +00:00
From 9bee0dffaebbc53b9762df7a6d84a553969e7b00 Mon Sep 17 00:00:00 2001
2014-10-20 14:09:01 +00:00
From: rpm-build <rpm-build>
2017-02-03 09:01:52 +00:00
Date: Fri, 3 Feb 2017 09:36:26 +0100
Subject: [PATCH 3/8] Drop root priviledges before opening first savefile if
2014-10-20 14:09:01 +00:00
running with -Z root
---
tcpdump.1.in | 7 ++++++-
2017-02-03 09:01:52 +00:00
tcpdump.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
2014-10-20 14:09:01 +00:00
diff --git a/tcpdump.1.in b/tcpdump.1.in
2017-02-03 09:01:52 +00:00
index f04a579..ca5cff2 100644
2014-10-20 14:09:01 +00:00
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -249,6 +249,9 @@ have the name specified with the
2013-05-06 11:34:01 +00:00
flag, with a number after it, starting at 1 and continuing upward.
The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
not 1,048,576 bytes).
+
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
+are dropped before opening the first savefile.
2013-05-06 11:34:01 +00:00
.TP
.B \-d
Dump the compiled packet-matching code in a human readable form to
2017-02-03 09:01:52 +00:00
@@ -860,7 +863,9 @@ but before opening any savefiles for output, change the user ID to
2013-05-06 11:34:01 +00:00
and the group ID to the primary group of
.IR user .
.IP
-This behavior can also be enabled by default at compile time.
+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
+be disabled by \fB\-Z root\fR.
+
.IP "\fI expression\fP"
.RS
selects which packets will be dumped.
@@ -366,6 +366,10 @@ If no time format is specified, each new file will overwrite the previous.
If used in conjunction with the
.B \-C
option, filenames will take the form of `\fIfile\fP<count>'.
+.IP
+Note that when used with
+.B \-Z
+option (enabled by default), privileges are dropped before opening the first savefile.
.TP
.B \-h
.PD 0
2014-10-20 14:09:01 +00:00
diff --git a/tcpdump.c b/tcpdump.c
2017-02-03 09:01:52 +00:00
index 73bf138..29f7f87 100644
2014-10-20 14:09:01 +00:00
--- a/tcpdump.c
+++ b/tcpdump.c
2017-02-03 09:01:52 +00:00
@@ -1133,6 +1133,7 @@ main(int argc, char **argv)
cap_rights_t rights;
int cansandbox;
#endif /* HAVE_CAPSICUM */
2016-08-10 14:46:42 +00:00
+ int chown_flag = 0;
int Oflag = 1; /* run filter code optimizer */
2017-02-03 09:01:52 +00:00
int yflag_dlt = -1;
const char *yflag_dlt_name = NULL;
@@ -1843,6 +1844,19 @@ main(int argc, char **argv)
}
capng_apply(CAPNG_SELECT_BOTH);
#endif /* HAVE_LIBCAP_NG */
2016-08-10 14:46:42 +00:00
+ /* If user is running tcpdump as root and wants to write to the savefile,
+ * we will check if -C is set and if it is, we will drop root
+ * privileges right away and consequent call to>pcap_dump_open()
+ * will most likely fail for the first file. If -C flag is not set we
+ * will create file as root then change ownership of file to proper
+ * user(default tcpdump) and drop root privileges.
+ */
+ if (WFileName)
+ if ((Cflag || Gflag) && (username || chroot_dir))
2016-08-10 14:46:42 +00:00
+ droproot(username, chroot_dir);
+ else
2016-08-10 14:46:42 +00:00
+ chown_flag = 1;
+ else
2017-02-03 09:01:52 +00:00
if (username || chroot_dir)
droproot(username, chroot_dir);
2016-08-10 14:46:42 +00:00
2017-02-03 09:01:52 +00:00
@@ -1881,6 +1895,22 @@ main(int argc, char **argv)
2013-05-06 11:34:01 +00:00
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
2016-08-10 14:46:42 +00:00
2013-05-06 11:34:01 +00:00
p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
+
2016-08-10 14:46:42 +00:00
+ /* Change ownership of file and drop root privileges */
+ if (chown_flag) {
+ struct passwd *pwd;
+
+ pwd = getpwnam(username);
+ if (!pwd)
+ error("Couldn't find user '%s'", username);
2013-05-06 11:34:01 +00:00
+
2016-08-10 14:46:42 +00:00
+ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
+ error("Couldn't change ownership of savefile");
2013-05-06 11:34:01 +00:00
+
2016-08-10 14:46:42 +00:00
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
+ }
2013-05-06 11:34:01 +00:00
+
#ifdef HAVE_LIBCAP_NG
/* Give up CAP_DAC_OVERRIDE capability.
* Only allow it to be restored if the -C or -G flag have been
2017-02-03 09:01:52 +00:00
--
2.9.3