1 ##dhcp-probe-03-drop-privs.patch - add option to change uid after setup
2 --- src/dhcp_probe.c.02 2009-08-16 12:31:22.000000000 +0300
3 +++ src/dhcp_probe.c 2009-08-16 13:47:29.000000000 +0300
8 +#include <sys/types.h>
12 static const char rcsid[] = "dhcp_probe version " VERSION;
13 static const char copyright[] = "Copyright 2000-2008, The Trustees of Princeton University. All rights reserved.";
15 int snaplen = CAPTURE_BUFSIZE;
16 int socket_receive_timeout_feature = 0;
19 +char *username = NULL;
22 char *logfile_name = NULL;
27 +/* drop privileges */
29 +drop_privileges(const char *username)
32 + pw = getpwnam(username);
34 + report(LOG_ERR, "getpwnam: %s", get_errmsg());
38 + report(LOG_INFO, "changing to uid %d gid %d", pw->pw_uid, pw->pw_gid);
40 + if (setregid(pw->pw_gid, pw->pw_gid)) {
41 + report(LOG_ERR, "setregid: %s", get_errmsg());
44 + if (setreuid(pw->pw_uid, pw->pw_uid)) {
45 + report(LOG_ERR, "setreuid: %s", get_errmsg());
50 +void write_pidfile(void)
53 + if ((pid_fp = open_for_writing(pid_file)) == NULL) {
54 + report(LOG_ERR, "could not open pid file %s for writing", pid_file);
57 + fprintf(pid_fp, "%d\n", (int) getpid());
63 main(int argc, char **argv)
66 extern int optind, opterr, optopt;
76 - while ((c = getopt(argc, argv, "c:d:fhkl:o:p:Q:s:Tvw:")) != EOF) {
77 + while ((c = getopt(argc, argv, "c:d:fhkl:o:p:Q:s:Tu:vw:")) != EOF) {
80 if (optarg[0] != '/') {
90 socket_receive_timeout_feature = 1;
97 - /* write pid file as soon as possible after (possibly) forking */
98 - if ((pid_fp = open_for_writing(pid_file)) == NULL) {
99 - report(LOG_ERR, "could not open pid file %s for writing", pid_file);
102 - fprintf(pid_fp, "%d\n", (int) getpid());
106 if (! read_configfile(config_file)) {
111 init_pcap(need_promiscuous(), netmask);
114 + drop_privileges(username);
116 + /* write the pid file after dropping privileges to be able to remove it later */
119 while (1) { /* MAIN EVENT LOOP */
120 libnet_t *l; /* to iterate through libnet context queue */
121 /* struct pcap_stat ps; */ /* to hold pcap stats */
122 @@ -1189,6 +1227,7 @@
123 fprintf(stderr, " -Q vlan_id tag outgoing frames with an 802.1Q VLAN ID\n");
124 fprintf(stderr, " -s capture_bufsize override default capture bufsize [%d]\n", CAPTURE_BUFSIZE);
125 fprintf(stderr, " -T enable the socket receive timeout feature\n");
126 + fprintf(stderr, " -u username change uid after setup (use with -k\n");
127 fprintf(stderr, " -v display version number then exit\n");
128 fprintf(stderr, " -w cwd override default working directory [%s]\n", CWD);
129 fprintf(stderr, " interface_name name of ethernet interface\n");
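Review bot: In drop_privileges the visible lines call `setregid` and `setreuid` but nothing shown resets the supplementary group list, so a daemon started as root would keep root's supplementary groups after the drop. Add `if (initgroups(pw->pw_name, pw->pw_gid)) { report(LOG_ERR, "initgroups: %s", get_errmsg()); ... }` (needs `<grp.h>`) before the `setregid` call, while the process is still privileged, and handle its failure like the other two. Several lines of the function and of main are not shown on this page, so please confirm that every failure branch exits instead of carrying on as root, and that the `drop_privileges(username)` call is skipped when `-u` was not given and `username` is still NULL. `getpwnam` returns NULL without setting errno for an unknown user, so `"getpwnam: %s"` may log a stale error; logging the requested name would be clearer. The new `-u` help line is also missing its closing parenthesis after `-k`.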