rpms/tcpdump
6
0
Fork 0
Code Issues Pull Requests Releases Activity

fix for #176010 - file owner problem when using 'ring buffer

Browse Source
This commit is contained in:
Martin Stransky 2005-12-20 12:46:01 +00:00
parent b1723d5d0d
commit 670d821662
2 changed files with 113 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
tcpdump-3.9.4-ring-buffers.patch Normal file
View File

@ -0,0 +1,106 @@
--- tcpdump-3.9.4/tcpdump.c.ring 2005-08-23 12:29:41.000000000 +0200
+++ tcpdump-3.9.4/tcpdump.c 2005-12-20 13:32:45.000000000 +0100
@@ -109,7 +109,8 @@
static void ndo_default_print(netdissect_options *, const u_char *, u_int);
static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
-static void droproot(const char *, const char *);
+static void droproot(const char *, const char *, int);
+static void setroot(void);
static void ndo_error(netdissect_options *ndo, const char *fmt, ...);
static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);
@@ -295,6 +296,7 @@
char *WFileName;
pcap_t *pd;
pcap_dumper_t *p;
+ char *username;
};
static void
@@ -366,9 +368,10 @@
#ifndef WIN32
/* Drop root privileges and chroot if necessary */
static void
-droproot(const char *username, const char *chroot_dir)
+droproot(const char *username, const char *chroot_dir, int set_uid)
{
struct passwd *pw = NULL;
+ int res;
if (chroot_dir && !username) {
fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
@@ -384,8 +387,11 @@
exit(1);
}
}
- if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
- setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
+ res = (initgroups(pw->pw_name, pw->pw_gid) != 0) ||
+ (set_uid ? (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) :
+ (setegid(pw->pw_gid) != 0 || seteuid(pw->pw_uid) != 0));
+
+ if (res) {
fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
username,
(unsigned long)pw->pw_uid,
@@ -400,6 +406,17 @@
exit(1);
}
}
+
+/* Set root privileges */
+static void
+setroot(void)
+{
+ if (setegid(0) != 0 || seteuid(0) != 0) {
+ fprintf(stderr, "tcpdump: Couldn't change to root uid=0 gid=0: %s\n",
+ pcap_strerror(errno));
+ exit(1);
+ }
+}
#endif /* WIN32 */
static int
@@ -463,6 +480,7 @@
int devnum;
#endif
int status;
+ int set_uid = 1;
#ifdef WIN32
u_int UserBufferSize = 1000000;
if(wsockinit() != 0) return 1;
@@ -972,7 +990,9 @@
dumpinfo.WFileName = WFileName;
dumpinfo.pd = pd;
dumpinfo.p = p;
+ dumpinfo.username = username;
pcap_userdata = (u_char *)&dumpinfo;
+ set_uid = 0;
} else {
callback = dump_packet;
pcap_userdata = (u_char *)p;
@@ -998,7 +1018,7 @@
*/
if (getuid() == 0 || geteuid() == 0) {
if (username || chroot_dir)
- droproot(username, chroot_dir);
+ droproot(username, chroot_dir, set_uid);
}
#endif /* WIN32 */
#ifdef SIGINFO
@@ -1181,7 +1201,14 @@
if (name == NULL)
error("dump_packet_and_trunc: malloc");
MakeFilename(name, dump_info->WFileName, Cflag_count, WflagChars);
+#ifndef WIN32
+ setroot();
+#endif /* WIN32 */
dump_info->p = pcap_dump_open(dump_info->pd, name);
+#ifndef WIN32
+ if (dump_info->username)
+ droproot(dump_info->username, NULL, 0);
+#endif /* WIN32 */
free(name);
if (dump_info->p == NULL)
error("%s", pcap_geterr(pd));

9
tcpdump.spec
View File

@ -2,7 +2,7 @@
%define PCAP_UID 77 %define PCAP_UID 77
%define PCAP_GID 77 %define PCAP_GID 77
%define releaseno 1 %define releaseno 2
%define arpwatch_release 14 %define arpwatch_release 14
%define pcap_release %{releaseno} %define pcap_release %{releaseno}
%define tcpdump_release %{releaseno} %define tcpdump_release %{releaseno}
@ -19,7 +19,7 @@ Name: tcpdump
Version: %{tcpdump_version} Version: %{tcpdump_version}
%define tcpdump_dir tcpdump-%{tcpdump_version} %define tcpdump_dir tcpdump-%{tcpdump_version}
%define tcpslice_dir tcpslice %define tcpslice_dir tcpslice
Release: %{tcpdump_release}.1 Release: %{tcpdump_release}
# XXX epoch is necessary to obsolete tcpdump-3.4a5 # XXX epoch is necessary to obsolete tcpdump-3.4a5
Epoch: 14 Epoch: 14
@ -43,6 +43,7 @@ Patch16: tcpdump-3.8.1-sctp.patch
Patch17: tcpdump-3.7.2-sctpdef.patch Patch17: tcpdump-3.7.2-sctpdef.patch
Patch19: tcpdump-3.8.2-rsvp-dos.patch Patch19: tcpdump-3.8.2-rsvp-dos.patch
Patch21: tcpdump-3.8.2-isis-dos.patch Patch21: tcpdump-3.8.2-isis-dos.patch
Patch22: tcpdump-3.9.4-ring-buffers.patch
Patch34: arpwatch-2.1a4-fhs.patch Patch34: arpwatch-2.1a4-fhs.patch
Patch35: arpwatch-2.1a10-man.patch Patch35: arpwatch-2.1a10-man.patch
@ -135,6 +136,7 @@ pushd %tcpdump_dir
%patch17 -p1 -b .sctpdef %patch17 -p1 -b .sctpdef
%patch19 -p1 -b .rsvp-dos %patch19 -p1 -b .rsvp-dos
%patch21 -p1 -b .isis-dos %patch21 -p1 -b .isis-dos
%patch22 -p1 -b .ring
tar xzf %{SOURCE6} tar xzf %{SOURCE6}
popd popd
@ -313,6 +315,9 @@ exit 0
%{_vararpwatch}/massagevendor-old %{_vararpwatch}/massagevendor-old
%changelog %changelog
* Tue Dec 20 2005 Martin Stransky <stransky@redhat.com> - 14:3.9.4-2
- fix for #176010 - file owner problem when using 'ring buffer
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt - rebuilt