1 Index: arpwatch/arpwatch.8
2 diff -u arpwatch/arpwatch.8:1.1.1.1.2.2 arpwatch/arpwatch.8:1.1.1.1.20.3
3 --- arpwatch/arpwatch.8:1.1.1.1.2.2 Thu Aug 12 22:31:09 2004
4 +++ arpwatch/arpwatch.8 Sat Aug 14 02:21:59 2004
34 +to drop root privileges and change the UID to
36 +and GID to the primary group of
38 +This is recommended for security reasons, but
40 +has to have write access to the default directory.
48 +seconds after the interface went down. By default, in such cases
49 +arpwatch would print an error message and exit. This option is
50 +ignored if either the
60 file must be created before the first time you run
61 Index: arpwatch/arpwatch.c
62 diff -u arpwatch/arpwatch.c:1.1.1.1.2.5 arpwatch/arpwatch.c:1.1.1.1.2.1.10.7
63 --- arpwatch/arpwatch.c:1.1.1.1.2.5 Sat Aug 14 02:33:07 2004
64 +++ arpwatch/arpwatch.c Sat Aug 14 02:36:15 2004
76 int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
77 __dead void usage(void) __attribute__((volatile));
79 +void dropprivileges(const char* user)
82 + pw = getpwnam( user );
84 + if ( initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 ||
85 + setuid(pw->pw_uid) != 0 ) {
86 + syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,pw->pw_uid, pw->pw_gid);
91 + syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
94 + syslog(LOG_INFO, "Running as uid=%d gid=%d", getuid(), getgid());
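Review bot: In `dropprivileges`, `initgroups(pw->pw_name, 0)` passes 0 as the extra group, so GID 0 is added to the supplementary group list and the process keeps root-group membership even after `setgid` and `setuid` succeed. Pass the account's primary group instead: `initgroups(pw->pw_name, pw->pw_gid)`. The closing "Running as uid=%d gid=%d" message reports only the real IDs, so a leftover supplementary group would not show up in the log; also logging the `getgroups()` result would make the drop verifiable. The failure branches are only partly visible in this extract, so confirm that both the lookup failure and the set*id failure exit rather than continue as root.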
98 main(int argc, char **argv)
101 register char *interface, *rfilename;
102 struct bpf_program code;
103 char errbuf[PCAP_ERRBUF_SIZE];
104 + char* username = NULL;
126 + username = strdup(optarg);
128 + fprintf(stderr, "%s: Need username after -u\n", prog);
133 + restart = atoi(optarg);
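Review bot: The result of `strdup(optarg)` in the `-u` case is not checked, and a NULL `username` is the same value the later `if ( username && !restart )` test treats as "no user requested", so an allocation failure would leave the daemon running as root without any message. `optarg` points into `argv` and stays valid for the life of the process, so `username = optarg;` avoids both the copy and the failure mode. `restart = atoi(optarg);` also accepts non-numeric or negative input without an error; `strtol` with an end-pointer and range check would reject a bad interval at startup. The enclosing option `switch` starts and ends outside the lines shown here.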
141 if (rfilename != NULL) {
144 + interface = "(from file)";
147 /* Determine interface if not specified */
148 if (interface == NULL &&
150 syslog(LOG_ERR, "(using current working directory)");
154 if (rfilename != NULL) {
155 pd = pcap_open_offline(rfilename, errbuf);
157 @@ -293,19 +334,29 @@
158 pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
160 syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
163 + syslog(LOG_ERR, "restart in %d secs", restart);
168 + goto label_restart;
170 #ifdef WORDS_BIGENDIAN
175 + if ( username && !restart ) {
176 + dropprivileges( username );
179 * Revert to non-privileged user after opening sockets
180 * (not needed on most systems).
188 /* Must be ethernet or fddi */
189 linktype = pcap_datalink(pd);
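Review bot: The test `if ( username && !restart )` skips `dropprivileges` whenever `restart` is non-zero, and nothing visible in this hunk logs that `-u` was not honoured. The manual-page text in the same patch appears to say the restart option is the one that gets ignored, which suggests `restart` is cleared elsewhere when a user is given, but that line is not in this extract. If it is not cleared, a run with both options keeps full root for its whole lifetime. Making the precedence explicit before the pcap open, for example `if (username != NULL) restart = 0;`, or logging on the skipped path with `syslog(LOG_WARNING, "restart requested, not dropping privileges");`, would remove the ambiguity.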