From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sat, 14 Jul 2018 16:18:12 +0000 (+0200)
Subject: Exit if capng_change_id() fails to change the uid
X-Git-Tag: tcpdump-4.9.3~132
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/352dafa7b686cce3e20b045567fbb05e21c6f087

Exit if capng_change_id() fails to change the uid

From Linux manual page of capng_change_id():
    Note:  the only  safe action to do upon failure of this function is to
    probably exit. This is because you are likely in a situation with par-
    tial permissions and not what you intended.

(backported from commit e6a56690 in master)
---

diff --git a/tcpdump.c b/tcpdump.c
index d9c7f7ab..149ce1d0 100644
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -607,11 +607,10 @@ droproot(const char *username, const char *chroot_dir)
 #ifdef HAVE_LIBCAP_NG
 		{
 			int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
-			if (ret < 0) {
-				fprintf(stderr, "error : ret %d\n", ret);
-			} else {
+			if (ret < 0)
+				error("capng_change_id(): return %d\n", ret);
+			else
 				fprintf(stderr, "dropped privs to %s\n", username);
-			}
 		}
 #else
 		if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||