diff -up tcpdump-4.4.0/tcpdump.1.in.eperm tcpdump-4.4.0/tcpdump.1.in --- tcpdump-4.4.0/tcpdump.1.in.eperm 2013-05-06 13:24:27.832436506 +0200 +++ tcpdump-4.4.0/tcpdump.1.in 2013-05-06 13:24:27.839436511 +0200 @@ -221,6 +221,9 @@ have the name specified with the flag, with a number after it, starting at 1 and continuing upward. The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, not 1,048,576 bytes). + +Note that when used with \fB\-Z\fR option (enabled by default), privileges +are dropped before opening first savefile. .TP .B \-d Dump the compiled packet-matching code in a human readable form to @@ -720,7 +723,9 @@ but before opening any savefiles for out and the group ID to the primary group of .IR user . .IP -This behavior can also be enabled by default at compile time. +This behavior is enabled by default (\fB\-Z tcpdump\fR), and can +be disabled by \fB\-Z root\fR. + .IP "\fI expression\fP" .RS selects which packets will be dumped. diff -up tcpdump-4.4.0/tcpdump.c.eperm tcpdump-4.4.0/tcpdump.c --- tcpdump-4.4.0/tcpdump.c.eperm 2013-03-24 22:49:18.000000000 +0100 +++ tcpdump-4.4.0/tcpdump.c 2013-05-06 13:28:40.929602618 +0200 @@ -1426,11 +1426,24 @@ main(int argc, char **argv) } #endif /* HAVE_CAP_NG_H */ - if (getuid() == 0 || geteuid() == 0) { - if (username || chroot_dir) + /* If user is running tcpdump as root and wants to write to the savefile, + * we will check if -C is set and if it is, we will drop root + * privileges right away and consequent call to pcap_dump_open() + * will most likely fail for the first file. If -C flag is not set we + * will create file as root then change ownership of file to proper + * user(default tcpdump) and drop root privileges. + */ + int chown_flag = 0; + + if (WFileName && (getuid() == 0 || geteuid() == 0)) + if (Cflag && (username || chroot_dir)) + droproot(username, chroot_dir); + else + chown_flag = 1; + else + if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir)) droproot(username, chroot_dir); - } #endif /* WIN32 */ if (pcap_setfilter(pd, &fcode) < 0) @@ -1450,6 +1463,21 @@ main(int argc, char **argv) MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); p = pcap_dump_open(pd, dumpinfo.CurrentFileName); + + /* Change ownership of file and drop root privileges */ + if (chown_flag) { + struct passwd *pwd; + + pwd = getpwnam(username); + if (!pwd) + error("Couldn't find user '%s'", username); + + if (chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0) + error("Couldn't change ownership of savefile"); + + if (username || chroot_dir) + droproot(username, chroot_dir); + } #ifdef HAVE_CAP_NG_H /* Give up capabilities, clear Effective set */ capng_clear(CAPNG_EFFECTIVE);