1 --- arpwatch-2.1a10/arpwatch.c Sat Oct 14 05:07:35 2000
2 +++ arpwatch-2.1a10/arpwatch.c Sun Jun 10 16:22:57 2001
13 int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
14 __dead void usage(void) __attribute__((volatile));
16 +void dropprivileges(const char* user)
19 + pw = getpwnam( user );
21 + if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
22 + setuid(pw->pw_uid) != 0 ) {
23 + syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
24 + pw->pw_uid, pw->pw_gid);
29 + syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
32 + syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
36 main(int argc, char **argv)
39 register char *interface, *rfilename;
40 struct bpf_program code;
41 char errbuf[PCAP_ERRBUF_SIZE];
42 + char* serveruser = NULL;
50 - while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
51 + while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
61 + serveruser = strdup(optarg);
64 + fprintf(stderr, "%s: Need username after -u\n", prog);
73 * Revert to non-privileged user after opening sockets
74 * (not needed on most systems).
78 + /*setgid(getgid());*/
79 + /*setuid(getuid());*/
81 + dropprivileges( serveruser );
84 /* Must be ethernet or fddi */
85 linktype = pcap_datalink(pd);
88 (void)fprintf(stderr, "Version %s\n", version);
89 (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
90 - " [-n net[/width]] [-r file]\n", prog);
91 + " [-n net[/width]] [-r file] [-u username]\n", prog);
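Review bot: In dropprivileges(), `initgroups(pw->pw_name, NULL)` passes a null pointer constant where a gid_t is expected. In practice that becomes group 0, so the supplementary group list installed before setgid()/setuid() includes root's group and the drop is incomplete. The call should be `initgroups(pw->pw_name, pw->pw_gid)`. Several lines of the patch are missing from this page, so two things cannot be confirmed here and should be checked in the full patch: that both failure branches terminate the process after their syslog() call, and that `dropprivileges( serveruser )` is not reached with serveruser still NULL when -u is omitted. That second point matters because the old `setgid(getgid())`/`setuid(getuid())` fallback is now commented out. The result of `strdup(optarg)` also appears to be used without a NULL check.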