]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d028c3a)
Exit if capng_change_id() fails to change the uid
authorFrancois-Xavier Le Bail <[email protected]>
Sat, 14 Jul 2018 16:18:12 +0000 (18:18 +0200)
committerFrancois-Xavier Le Bail <[email protected]>
Sat, 14 Jul 2018 18:52:59 +0000 (20:52 +0200)
From Linux manual page of capng_change_id():
    Note:  the only  safe action to do upon failure of this function is to
    probably exit. This is because you are likely in a situation with par-
    tial permissions and not what you intended.

(backported from commit e6a56690 in master)

tcpdump.c patch | blob | history

diff --git a/tcpdump.c b/tcpdump.c
index d9c7f7ab8f97677f1d0270fa8b429caa75487eec..149ce1d05f8336c08ec70a576ca58342e8033fed 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -607,11 +607,10 @@ droproot(const char *username, const char *chroot_dir)
 #ifdef HAVE_LIBCAP_NG
                {
                        int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
 #ifdef HAVE_LIBCAP_NG
                {
                        int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
-                       if (ret < 0) {
-                               fprintf(stderr, "error : ret %d\n", ret);
-                       } else {
+                       if (ret < 0)
+                               error("capng_change_id(): return %d\n", ret);
+                       else
                                fprintf(stderr, "dropped privs to %s\n", username);
                                fprintf(stderr, "dropped privs to %s\n", username);
-                       }
                }
 #else
                if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
                }
 #else
                if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
[mirror] the TCPdump network dissector