| @@ -24,27 +24,27 @@ | | | @@ -24,27 +24,27 @@ |
24 | * Copyright (c) 2001 | | 24 | * Copyright (c) 2001 |
25 | * Seth Webster <swebster@sst.ll.mit.edu> | | 25 | * Seth Webster <swebster@sst.ll.mit.edu> |
26 | */ | | 26 | */ |
27 | | | 27 | |
28 | #include <sys/cdefs.h> | | 28 | #include <sys/cdefs.h> |
29 | #ifndef lint | | 29 | #ifndef lint |
30 | #if 0 | | 30 | #if 0 |
31 | static const char copyright[] _U_ = | | 31 | static const char copyright[] _U_ = |
32 | "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ | | 32 | "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ |
33 | The Regents of the University of California. All rights reserved.\n"; | | 33 | The Regents of the University of California. All rights reserved.\n"; |
34 | static const char rcsid[] _U_ = | | 34 | static const char rcsid[] _U_ = |
35 | "@(#) Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp (LBL)"; | | 35 | "@(#) Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp (LBL)"; |
36 | #else | | 36 | #else |
37 | __RCSID("$NetBSD: tcpdump.c,v 1.2 2010/12/05 05:11:31 christos Exp $"); | | 37 | __RCSID("$NetBSD: tcpdump.c,v 1.3 2011/04/17 11:45:40 martin Exp $"); |
38 | #endif | | 38 | #endif |
39 | #endif | | 39 | #endif |
40 | | | 40 | |
41 | /* | | 41 | /* |
42 | * tcpdump - monitor tcp/ip traffic on an ethernet. | | 42 | * tcpdump - monitor tcp/ip traffic on an ethernet. |
43 | * | | 43 | * |
44 | * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. | | 44 | * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. |
45 | * Mercilessly hacked and occasionally improved since then via the | | 45 | * Mercilessly hacked and occasionally improved since then via the |
46 | * combined efforts of Van, Steve McCanne and Craig Leres of LBL. | | 46 | * combined efforts of Van, Steve McCanne and Craig Leres of LBL. |
47 | */ | | 47 | */ |
48 | | | 48 | |
49 | #ifdef HAVE_CONFIG_H | | 49 | #ifdef HAVE_CONFIG_H |
50 | #include "config.h" | | 50 | #include "config.h" |
| @@ -459,26 +459,27 @@ show_dlts_and_exit(const char *device, p | | | @@ -459,26 +459,27 @@ show_dlts_and_exit(const char *device, p |
459 | static void | | 459 | static void |
460 | droproot(const char *username, const char *chroot_dir) | | 460 | droproot(const char *username, const char *chroot_dir) |
461 | { | | 461 | { |
462 | struct passwd *pw = NULL; | | 462 | struct passwd *pw = NULL; |
463 | | | 463 | |
464 | if (chroot_dir && !username) { | | 464 | if (chroot_dir && !username) { |
465 | fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); | | 465 | fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); |
466 | exit(1); | | 466 | exit(1); |
467 | } | | 467 | } |
468 | | | 468 | |
469 | pw = getpwnam(username); | | 469 | pw = getpwnam(username); |
470 | if (pw) { | | 470 | if (pw) { |
471 | if (chroot_dir) { | | 471 | if (chroot_dir) { |
| | | 472 | setprotoent(1); |
472 | if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { | | 473 | if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { |
473 | fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", | | 474 | fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", |
474 | chroot_dir, pcap_strerror(errno)); | | 475 | chroot_dir, pcap_strerror(errno)); |
475 | exit(1); | | 476 | exit(1); |
476 | } | | 477 | } |
477 | } | | 478 | } |
478 | if (initgroups(pw->pw_name, pw->pw_gid) != 0 || | | 479 | if (initgroups(pw->pw_name, pw->pw_gid) != 0 || |
479 | setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { | | 480 | setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { |
480 | fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", | | 481 | fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", |
481 | username, | | 482 | username, |
482 | (unsigned long)pw->pw_uid, | | 483 | (unsigned long)pw->pw_uid, |
483 | (unsigned long)pw->pw_gid, | | 484 | (unsigned long)pw->pw_gid, |
484 | pcap_strerror(errno)); | | 485 | pcap_strerror(errno)); |