summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2016-07-24 22:46:33 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2016-07-24 22:46:33 +0000
commit1b99d7ba48e3798ea47681b5c32916cf172375e7 (patch)
tree085be782d353097ac4c152cfa1efcd2f8ca8cc5e
parent5d520caf7d1616a8faa36346bbe2d97d7e145999 (diff)
Split the root vs not-root cases better with regards to chroot setup.
ok kettenis benno tedu canacar
-rw-r--r--usr.sbin/tcpdump/privsep.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c
index 8bc37b65795..cdc19141dd2 100644
--- a/usr.sbin/tcpdump/privsep.c
+++ b/usr.sbin/tcpdump/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.41 2016/07/21 07:22:38 deraadt Exp $ */
+/* $OpenBSD: privsep.c,v 1.42 2016/07/24 22:46:32 deraadt Exp $ */
/*
* Copyright (c) 2003 Can Erkin Acar
@@ -164,26 +164,29 @@ priv_init(int argc, char **argv)
sigprocmask(SIG_SETMASK, &oset, NULL);
/*
- * Parent, attempt to drop privs and chroot. If any of this
- * fails that is OK, safety is still provided by pledge(2).
+ * If run as regular user, packet parser will rely on
+ * pledge(2). If we are root, we want to chroot also..
*/
+ if (getuid() != 0)
+ return (0);
+
pw = getpwnam("_tcpdump");
if (pw == NULL)
- return (0);
+ errx(1, "unknown user _tcpdump");
/* Attempt to chroot */
if (chroot(pw->pw_dir) == -1)
- return (0);
+ errx(1, "unable to chroot");
if (chdir("/") == -1)
- return (0);
+ err(1, "unable to chdir");
/* drop to _tcpdump */
if (setgroups(1, &pw->pw_gid) == -1)
- return (0);
+ err(1, "setgroups() failed");
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
- return (0);
+ err(1, "setresgid() failed");
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
- return (0);
+ err(1, "setresuid() failed");
return (0);
}