Blame SOURCES/0003-Drop-root-priviledges-before-opening-first-savefile-.patch

1f5cfb
From 9bee0dffaebbc53b9762df7a6d84a553969e7b00 Mon Sep 17 00:00:00 2001
1f5cfb
From: rpm-build <rpm-build>
1f5cfb
Date: Fri, 3 Feb 2017 09:36:26 +0100
1f5cfb
Subject: [PATCH 3/8] Drop root priviledges before opening first savefile if
1f5cfb
 running with -Z root
1f5cfb
1f5cfb
---
1f5cfb
 tcpdump.1.in |  7 ++++++-
1f5cfb
 tcpdump.c    | 30 ++++++++++++++++++++++++++++++
1f5cfb
 2 files changed, 36 insertions(+), 1 deletion(-)
1f5cfb
1f5cfb
diff --git a/tcpdump.1.in b/tcpdump.1.in
1f5cfb
index f04a579..ca5cff2 100644
1f5cfb
--- a/tcpdump.1.in
1f5cfb
+++ b/tcpdump.1.in
1f5cfb
@@ -249,6 +249,9 @@ have the name specified with the
1f5cfb
 flag, with a number after it, starting at 1 and continuing upward.
1f5cfb
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
1f5cfb
 not 1,048,576 bytes).
1f5cfb
+
1f5cfb
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
1f5cfb
+are dropped before opening first savefile.
1f5cfb
 .TP
1f5cfb
 .B \-d
1f5cfb
 Dump the compiled packet-matching code in a human readable form to
1f5cfb
@@ -860,7 +863,9 @@ but before opening any savefiles for output, change the user ID to
1f5cfb
 and the group ID to the primary group of
1f5cfb
 .IR user .
1f5cfb
 .IP
1f5cfb
-This behavior can also be enabled by default at compile time.
1f5cfb
+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
1f5cfb
+be disabled by \fB\-Z root\fR.
1f5cfb
+
1f5cfb
 .IP "\fI expression\fP"
1f5cfb
 .RS
1f5cfb
 selects which packets will be dumped.
1f5cfb
diff --git a/tcpdump.c b/tcpdump.c
1f5cfb
index 73bf138..29f7f87 100644
1f5cfb
--- a/tcpdump.c
1f5cfb
+++ b/tcpdump.c
1f5cfb
@@ -1133,6 +1133,7 @@ main(int argc, char **argv)
1f5cfb
 	cap_rights_t rights;
1f5cfb
 	int cansandbox;
1f5cfb
 #endif	/* HAVE_CAPSICUM */
1f5cfb
+	int chown_flag = 0;
1f5cfb
 	int Oflag = 1;			/* run filter code optimizer */
1f5cfb
 	int yflag_dlt = -1;
1f5cfb
 	const char *yflag_dlt_name = NULL;
1f5cfb
@@ -1843,6 +1844,19 @@ main(int argc, char **argv)
1f5cfb
 		}
1f5cfb
 		capng_apply(CAPNG_SELECT_BOTH);
1f5cfb
 #endif /* HAVE_LIBCAP_NG */
1f5cfb
+	/* If user is running tcpdump as root and wants to write to the savefile,
1f5cfb
+	 * we will check if -C is set and if it is, we will drop root
1f5cfb
+	 * privileges right away and consequent call to>pcap_dump_open()
1f5cfb
+	 * will most likely fail for the first file. If -C flag is not set we
1f5cfb
+	 * will create file as root then change ownership of file to proper
1f5cfb
+	 * user(default tcpdump) and drop root privileges.
1f5cfb
+	 */
1f5cfb
+	if (WFileName)
1f5cfb
+		if (Cflag && (username || chroot_dir))
1f5cfb
+			droproot(username, chroot_dir);
1f5cfb
+		else
1f5cfb
+			chown_flag = 1;
1f5cfb
+	else
1f5cfb
 		if (username || chroot_dir)
1f5cfb
 			droproot(username, chroot_dir);
1f5cfb
 
1f5cfb
@@ -1881,6 +1895,22 @@ main(int argc, char **argv)
1f5cfb
 		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
1f5cfb
 
1f5cfb
 		p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
1f5cfb
+
1f5cfb
+	/* Change ownership of file and drop root privileges */
1f5cfb
+	if (chown_flag) {
1f5cfb
+		struct passwd *pwd;
1f5cfb
+
1f5cfb
+		pwd = getpwnam(username);
1f5cfb
+		if (!pwd)
1f5cfb
+			error("Couldn't find user '%s'", username);
1f5cfb
+
1f5cfb
+		if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
1f5cfb
+			error("Couldn't change ownership of savefile");
1f5cfb
+
1f5cfb
+		if (username || chroot_dir)
1f5cfb
+			droproot(username, chroot_dir);
1f5cfb
+    }
1f5cfb
+
1f5cfb
 #ifdef HAVE_LIBCAP_NG
1f5cfb
 		/* Give up CAP_DAC_OVERRIDE capability.
1f5cfb
 		 * Only allow it to be restored if the -C or -G flag have been
1f5cfb
-- 
1f5cfb
2.9.3
1f5cfb