Blob Blame History Raw
diff -up tcpdump-4.4.0/tcpdump.1.in.eperm tcpdump-4.4.0/tcpdump.1.in
--- tcpdump-4.4.0/tcpdump.1.in.eperm	2013-10-07 15:21:26.795602764 +0200
+++ tcpdump-4.4.0/tcpdump.1.in	2013-10-07 15:21:26.800602762 +0200
@@ -221,6 +221,9 @@ have the name specified with the
 flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
 not 1,048,576 bytes).
+
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
+are dropped before opening first savefile.
 .TP
 .B \-d
 Dump the compiled packet-matching code in a human readable form to
@@ -720,7 +723,9 @@ but before opening any savefiles for out
 and the group ID to the primary group of
 .IR user .
 .IP
-This behavior can also be enabled by default at compile time.
+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
+be disabled by \fB\-Z root\fR.
+
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.
diff -up tcpdump-4.4.0/tcpdump.c.eperm tcpdump-4.4.0/tcpdump.c
--- tcpdump-4.4.0/tcpdump.c.eperm	2013-03-24 22:49:18.000000000 +0100
+++ tcpdump-4.4.0/tcpdump.c	2013-10-07 15:22:26.360590143 +0200
@@ -1426,11 +1426,24 @@ main(int argc, char **argv)
 	}
 #endif /* HAVE_CAP_NG_H */
 
-	if (getuid() == 0 || geteuid() == 0) {
-		if (username || chroot_dir)
+	/* If user is running tcpdump as root and wants to write to the savefile,
+	 * we will check if -C is set and if it is, we will drop root
+	 * privileges right away and consequent call to	pcap_dump_open()
+	 * will most likely fail for the first file. If -C flag is not set we
+	 * will create file as root then change ownership of file to proper
+	 * user(default tcpdump) and drop root privileges.
+	 */
+	int chown_flag = 0;
+
+	if (WFileName && (getuid() == 0 || geteuid() == 0))
+		if (Cflag && (username || chroot_dir))
+			droproot(username, chroot_dir);
+                else 
+			chown_flag = 1;
+	else
+		if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir))
 			droproot(username, chroot_dir);
 
-	}
 #endif /* WIN32 */
 
 	if (pcap_setfilter(pd, &fcode) < 0)
@@ -1450,6 +1463,21 @@ main(int argc, char **argv)
 		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
 
 		p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
+
+		/* Change ownership of file and drop root privileges */
+		if (chown_flag) {
+			struct passwd *pwd;
+
+			pwd = getpwnam(username);
+			if (!pwd)
+				error("Couldn't find user '%s'", username);
+
+			if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
+				error("Couldn't change ownership of savefile");
+
+			if (username || chroot_dir)
+				droproot(username, chroot_dir);
+		}
 #ifdef HAVE_CAP_NG_H
         /* Give up capabilities, clear Effective set */
         capng_clear(CAPNG_EFFECTIVE);