--- ngrep.c.orig 2005-07-01 03:35:20 +0400 +++ ngrep.c 2005-07-01 20:57:23 +0400 @@ -90,9 +90,9 @@ #endif #if USE_PCRE -#include "pcre-5.0/pcre.h" +#include #else -#include "regex-0.12/regex.h" +#include #endif #include "ngrep.h" @@ -179,7 +179,7 @@ void (*print_time)() = NULL, (*dump_dela uint32_t ws_row, ws_col = 80, ws_col_forced = 0; -int main(int argc, char **argv) { +void main(int argc, char **argv) { int32_t c; signal(SIGINT, clean_exit); @@ -359,10 +359,6 @@ int main(int argc, char **argv) { } } -#if !defined(_WIN32) - drop_privs(); -#endif - if (filter_file) { char buf[1024] = {0}; FILE *f = fopen(filter_file, "r"); @@ -590,12 +586,13 @@ int main(int argc, char **argv) { win32_initwinsock(); #endif +#if !defined(_WIN32) && defined(USE_DROPPRIVS) + drop_privs(); +#endif + while (pcap_loop(pd, 0, (pcap_handler)process, 0)); clean_exit(0); - - /* NOT REACHED */ - return 0; } void process(u_char *d, struct pcap_pkthdr *h, u_char *p) { @@ -1174,21 +1171,39 @@ void update_windowsize(int32_t e) { } } } +#endif + +#if defined(USE_DROPPRIVS) && !defined(_WIN32) + +int drop_rootdir(void) { + const char dir[] = "/var/resolv"; + if (dont_dropprivs) + return 0; + if (chroot(dir) < 0 || chdir("/") < 0) + perror(dir); + return -errno; +} + void drop_privs(void) { struct passwd *pw; uid_t newuid; gid_t newgid; - if ((getuid() || geteuid()) || dont_dropprivs || !USE_DROPPRIVS) + if ((getuid() || geteuid()) || dont_dropprivs) { + drop_rootdir(); return; - + } + pw = getpwnam(DROPPRIVS_USER); if (!pw) { - perror("attempt to drop privileges failed: getpwnam failed"); + perror("attempt to drop privileges failed: getpwnam(\"" DROPPRIVS_USER "\") failed"); clean_exit(-1); } + if (drop_rootdir() < 0) + clean_exit(-1); + newgid = pw->pw_gid; newuid = pw->pw_uid; @@ -1207,7 +1222,9 @@ void drop_privs(void) { clean_exit(-1); } } -#endif + +#endif /* if defined(USE_DROPPRIVS) && !defined(_WIN32) */ + void usage(int8_t e) { printf("usage: ngrep <-"