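--- a/arpwatch-2.1a10/arpwatch.c
+++ b/arpwatch-2.1a10/arpwatch.c
@@ -62,7 +62,7 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
-
+#include <pwd.h>
 #include <pcap.h>
 
 #include "gnuc.h"
@@ -141,6 +141,25 @@
 int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
 __dead void usage(void) __attribute__((volatile));
 
+void dropprivileges(const char* user)
+{
+struct passwd* pw;
+pw = getpwnam( user );
+if ( pw ) {
+if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
+setuid(pw->pw_uid) != 0 ) {
+syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
+pw->pw_uid, pw->pw_gid);
+exit(1);
+}
+}
+else {
+syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
+exit(1);
+}
+syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
+}
+
 int
 main(int argc, char **argv)
 {
@@ -153,6 +172,7 @@
 register char *interface, *rfilename;
 struct bpf_program code;
 char errbuf[PCAP_ERRBUF_SIZE];
+char* serveruser = NULL;
 
 if (argv[0] == NULL)
 prog = "arpwatch";
@@ -170,7 +190,7 @@
 interface = NULL;
 rfilename = NULL;
 pd = NULL;
-while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
+while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
 switch (op) {
 
 case 'd':
@@ -202,6 +222,16 @@
 rfilename = optarg;
 break;
 
+case 'u':
+if ( optarg ) {
+serveruser = strdup(optarg);
+}
+else {
+fprintf(stderr, "%s: Need username after -u\n", prog);
+usage();
+}
+break;
+
 default:
 usage();
 }
@@ -283,8 +313,11 @@
 * Revert to non-privileged user after opening sockets
 * (not needed on most systems).
 */
-setgid(getgid());
-setuid(getuid());
+/*setgid(getgid());*/
+/*setuid(getuid());*/
+if ( serveruser ) {
+dropprivileges( serveruser );
+}
 
 /* Must be ethernet or fddi */
 linktype = pcap_datalink(pd);
@@ -751,6 +784,6 @@
 
 (void)fprintf(stderr, "Version %s\n", version);
 (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
-" [-n net[/width]] [-r file]\n", prog);
+" [-n net[/width]] [-r file] [-u username]\n", prog);
 exit(1);
 }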
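Review bot: `initgroups(pw->pw_name, NULL)` in the new dropprivileges passes a null pointer where the second parameter is a `gid_t`; converted to an integer that is likely to become group 0, so the supplementary group list of the supposedly unprivileged process would still carry root's group and the drop is incomplete. It should read `initgroups(pw->pw_name, pw->pw_gid)`, and since the include hunk adds only `<pwd.h>`, the `<grp.h>` header that declares `initgroups` on glibc is presumably still missing, which would explain why the mismatched argument compiles without complaint. Separately, the hunk at -283 comments out `setgid(getgid()); setuid(getuid());` unconditionally, so a setuid-root binary run without `-u` now keeps its privileges where it previously reverted to the invoking user; keeping those two calls in an `else` branch of `if ( serveruser )` preserves the old behaviour. The `%d` conversions applied to `pw->pw_uid`, `pw->pw_gid`, `getuid()` and `getgid()` do not match `uid_t`/`gid_t`, which are unsigned on most platforms; cast to `(unsigned long)` and print with `%lu`. After the three calls succeed, a check such as `if (setuid(0) == 0) { syslog(LOG_ERR, "privilege drop failed"); exit(1); }` would confirm the change actually took effect rather than trusting the return codes alone.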