Attachment 584994 Details for Bug 809638 – Fix permission denied error

[patch] Fix permission denied error

tcpdump-4.2.1-eperm.patch (text/plain), 3.17 KB, created by Michal Sekletar on 2012-05-16 14:54:14 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michal Sekletar

Created: 2012-05-16 14:54:14 UTC

Size: 3.17 KB

patch

obsolete

>diff -up tcpdump-4.2.1/tcpdump.1.in.eperm tcpdump-4.2.1/tcpdump.1.in
>--- tcpdump-4.2.1/tcpdump.1.in.eperm	2012-05-16 15:46:55.009494388 +0200
>+++ tcpdump-4.2.1/tcpdump.1.in	2012-05-16 15:47:16.860299598 +0200
>@@ -214,6 +214,9 @@ have the name specified with the
> flag, with a number after it, starting at 1 and continuing upward.
> The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
> not 1,048,576 bytes).
>+
>+Note that when used with \fB\-Z\fR option (enabled by default), privileges
>+are dropped before opening first savefile.
> .TP
> .B \-d
> Dump the compiled packet-matching code in a human readable form to
>@@ -650,7 +653,9 @@ but before opening any savefiles for out
> and the group ID to the primary group of
> .IR user .
> .IP
>-This behavior can also be enabled by default at compile time.
>+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
>+be disabled by \fB\-Z root\fR.
>+
> .IP "\fI expression\fP"
> .RS
> selects which packets will be dumped.
>diff -up tcpdump-4.2.1/tcpdump.c.eperm tcpdump-4.2.1/tcpdump.c
>--- tcpdump-4.2.1/tcpdump.c.eperm	2012-05-16 15:46:28.321732801 +0200
>+++ tcpdump-4.2.1/tcpdump.c	2012-05-16 15:46:42.642604795 +0200
>@@ -1289,9 +1289,27 @@ main(int argc, char **argv)
> 	 * Switching to the -Z user ID only after opening the first
> 	 * savefile doesn't handle the general case.
> 	 */
>-	if (getuid() == 0 || geteuid() == 0) {
>-		if (username || chroot_dir)
>-			droproot(username, chroot_dir);
>+
>+	/* If user is running tcpdump as root and wants to write to the savefile,
>+	 * we will check if -C is set and if it is, we will drop root
>+	 * privileges right away and consequent call to	pcap_dump_open()
>+	 * will most likely fail for the first file. If -C flag is not set we
>+	 * will create file as root then change ownership of file to proper
>+	 * user(default tcpdump) and drop root privileges.
>+	 */
>+	int chown_flag = 0;
>+	if (WFileName && (getuid() == 0 || geteuid() == 0)) {
>+		if (Cflag != 0) {
>+			if (username || chroot_dir)
>+				droproot(username, chroot_dir);
>+		} else {
>+			chown_flag = 1;
>+		}
>+	} else {
>+		if (getuid() == 0 || geteuid() == 0) {
>+			if (username || chroot_dir)
>+				droproot(username, chroot_dir);
>+		}
> 	}
> #endif /* WIN32 */
> 
>@@ -1312,6 +1330,40 @@ main(int argc, char **argv)
> 		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
> 
> 		p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
>+		
>+		/* Change ownership of file and drop root privileges */
>+		if (chown_flag) {
>+			struct passwd pwd;
>+			struct passwd *p_pwd;
>+			char *username_buf;
>+			long initlen;
>+			size_t len;
>+
>+			initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
>+			if (initlen == -1) {
>+				len = 1024;
>+			} else {
>+				len = (size_t) initlen;
>+			}
>+
>+			username_buf = (char *) malloc(len * sizeof(char));
>+			if (username_buf == NULL) {
>+				error("malloc of username_buf");
>+			}
>+
>+			getpwnam_r(username, &pwd, username_buf, len, &p_pwd);
>+			if (p_pwd == NULL) {
>+				error("Couldn't find user '%s'", username);
>+			}
>+
>+			chown(dumpinfo.CurrentFileName, pwd.pw_uid, pwd.pw_gid);
>+
>+			if (username || chroot_dir)
>+				droproot(username, chroot_dir);
>+							
>+			free(username_buf);
>+		}
>+
> 		if (p == NULL)
> 			error("%s", pcap_geterr(pd));
> 		if (Cflag != 0 || Gflag != 0) {

Actions: View | Diff

Attachments on bug 809638: 584994