X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/1b15fedd1cb65a9d00c1d03bf7652e197006d19d..d2c7d4e92b665cb6dafe654e51a0b5baa487e6ed:/tcpdump.c?ds=sidebyside diff --git a/tcpdump.c b/tcpdump.c index 4e524082..c8da36ba 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -154,7 +154,6 @@ static struct printer printers[] = { #ifdef DLT_ARCNET_LINUX { arcnet_linux_if_print, DLT_ARCNET_LINUX }, #endif - { ether_if_print, DLT_EN10MB }, { token_if_print, DLT_IEEE802 }, #ifdef DLT_LANE8023 { lane_if_print, DLT_LANE8023 }, @@ -306,6 +305,7 @@ static struct printer printers[] = { }; static struct ndo_printer ndo_printers[] = { + { ether_if_print, DLT_EN10MB }, #ifdef DLT_IPNET { ipnet_if_print, DLT_IPNET }, #endif @@ -1258,6 +1258,30 @@ main(int argc, char **argv) (void)setsignal(SIGHUP, oldhandler); #endif /* WIN32 */ +#ifndef WIN32 + /* + * If a user name was specified with "-Z", attempt to switch to + * that user's UID. This would probably be used with sudo, + * to allow tcpdump to be run in a special restricted + * account (if you just want to allow users to open capture + * devices, and can't just give users that permission, + * you'd make tcpdump set-UID or set-GID). + * + * Tcpdump doesn't necessarily write only to one savefile; + * the general only way to allow a -Z instance to write to + * savefiles as the user under whose UID it's run, rather + * than as the user specified with -Z, would thus be to switch + * to the original user ID before opening a capture file and + * then switch back to the -Z user ID after opening the savefile. + * Switching to the -Z user ID only after opening the first + * savefile doesn't handle the general case. + */ + if (getuid() == 0 || geteuid() == 0) { + if (username || chroot_dir) + droproot(username, chroot_dir); + } +#endif /* WIN32 */ + if (pcap_setfilter(pd, &fcode) < 0) error("%s", pcap_geterr(pd)); if (WFileName) { @@ -1311,16 +1335,7 @@ main(int argc, char **argv) callback = print_packet; pcap_userdata = (u_char *)&printinfo; } -#ifndef WIN32 - /* - * We cannot do this earlier, because we want to be able to open - * the file (if done) for writing before giving up permissions. - */ - if (getuid() == 0 || geteuid() == 0) { - if (username || chroot_dir) - droproot(username, chroot_dir); - } -#endif /* WIN32 */ + #ifdef SIGINFO /* * We can't get statistics when reading from a file rather @@ -1866,7 +1881,7 @@ usage(void) #endif /* WIN32 */ #endif /* HAVE_PCAP_LIB_VERSION */ (void)fprintf(stderr, -"Usage: %s [-aAbd" D_FLAG "ef" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); +"Usage: %s [-aAbd" D_FLAG "efh" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); (void)fprintf(stderr, "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); (void)fprintf(stderr,