from Pekka Savola <[email protected]>:

 add a compile time option --with-user=USERNAME that
 drops privileges by default to USERNAME

diff --git a/acconfig.h b/acconfig.h
index 09e8351566af80e24a2fd7039fc97661be703076..5a2b508bd9b3718e419613c9afe37c0471d4e37b 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -126,3 +126,6 @@
 
 /* Define if you have a dnet_htoa declaration in <netdnet/dnetdb.h>.  */
 #undef HAVE_NETDNET_DNETDB_H_DNET_HTOA
+
+/* define if should drop privileges by default */
+#undef WITH_USER

diff --git a/configure.in b/configure.in
index 55977c40a40db537a2b17d8feda97982d248088f..d39f370d12b2252450d87b5c28f59a213860f6ad 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-dnl @(#) $Header: /tcpdump/master/tcpdump/configure.in,v 1.173 2004-01-15 19:53:48 guy Exp $ (LBL)
+dnl @(#) $Header: /tcpdump/master/tcpdump/configure.in,v 1.174 2004-01-22 09:51:31 hannes Exp $ (LBL)
 dnl
 dnl Copyright (c) 1994, 1995, 1996, 1997
 dnl    The Regents of the University of California.  All rights reserved.
@@ -6,7 +6,7 @@ dnl
 dnl Process this file with autoconf to produce a configure script.
 dnl
 
-AC_REVISION($Revision: 1.173 $)
+AC_REVISION($Revision: 1.174 $)
 AC_PREREQ(2.50)
 AC_INIT(tcpdump.c)
 
@@ -102,6 +102,15 @@ yes)       AC_MSG_RESULT(yes)
        ;;
 esac
 
+AC_ARG_WITH(user, [  --with-user=USERNAME    drop privileges by default to USERNAME])
+AC_MSG_CHECKING([whether to drop root privileges by default])
+if test ! -z "$with_user" ; then
+        AC_DEFINE_UNQUOTED(WITH_USER, "$withval")
+       AC_MSG_RESULT(to \"$withval\")
+else
+       AC_MSG_RESULT(no)
+fi
+
 AC_MSG_CHECKING([whether to enable ipv6])
 AC_ARG_ENABLE(ipv6,
 [  --enable-ipv6           enable ipv6 (with ipv4) support

diff --git a/tcpdump.1 b/tcpdump.1
index 045415a3b080e8b897b15f11686b6e0c6887fa5b..eaa2ad3dd303bc21ff1d60ca380444deb68ef69b 100644 (file)
--- a/tcpdump.1
+++ b/tcpdump.1
@@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.158 2004-01-22 09:35:50 hannes Exp $ (LBL)
+.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.159 2004-01-22 09:51:31 hannes Exp $ (LBL)
 .\"
 .\"    $NetBSD: tcpdump.8,v 1.9 2003/03/31 00:18:17 perry Exp $
 .\"
@@ -551,6 +551,8 @@ Drops privileges (if root) and changes user ID to
 .I user
 and the group ID to the primary group of
 .IR user .
+.IP
+This behavior can also be enabled by default at compile time.
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.

diff --git a/tcpdump.c b/tcpdump.c
index a3fce5251ca59cdebf66763b427d65284a9c6823..4fec886cb823794b7841448523f122974a63da1a 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -30,7 +30,7 @@ static const char copyright[] _U_ =
     "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
 The Regents of the University of California.  All rights reserved.\n";
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.226 2004-01-22 09:35:50 hannes Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.227 2004-01-22 09:51:31 hannes Exp $ (LBL)";
 #endif
 
 /*
@@ -898,6 +898,16 @@ main(int argc, char **argv)
                (void)fprintf(stderr, "%s: pcap_loop: %s\n",
                    program_name, pcap_geterr(pd));
        }
+#ifdef WITH_USER
+       /* if run as root, drop root; protect against remote sec problems */
+       if (getuid() == 0 || geteuid() == 0) {
+               /* Run with '-Z root' to restore old behaviour */ 
+               if (!username) {
+                       droproot(WITH_USER);
+                       /* does not return if fails */
+               }
+       }
+#endif
        if (RFileName == NULL) {
                /*
                 * We're doing a live capture.  Report the capture