author | Guy Harris <guy@alum.mit.edu> | 2006-02-06 10:27:27 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2006-02-06 10:27:27 +0000 |
commit | c897da2ded8abf510f60bf368e24ac1f8442fada (patch) | |
tree | 5614947fbb5d835d8165eab102d14dbb2496bd7c | |
parent | 4a2048a5efa3d3f0ff376e886ffa69f163333248 (diff) |
Move the code to relinquish set-UID and set-GID privileges to a routine
in epan/privileges.c.
svn path=/trunk/; revision=17181
-rw-r--r-- | epan/privileges.c | 21 | ||||
-rw-r--r-- | epan/privileges.h | 5 | ||||
-rw-r--r-- | tethereal.c | 25 |
3 files changed, 36 insertions, 15 deletions
diff --git a/epan/privileges.c b/epan/privileges.c
index 8739cb9fba..af4de43c3c 100644
--- a/epan/privileges.c
+++ b/epan/privileges.c
@@ -53,6 +53,14 @@ started_with_special_privs(void)
 return FALSE;
 }

+/*
+ * For now, we don't do anything when asked to relinquish special privileges.
+ */
+void
+relinquish_special_privs_perm(void)
+{
+}
+
 #else /* _WIN32 */

 #ifdef HAVE_SYS_TYPES_H
@@ -92,4 +100,17 @@ started_with_special_privs(void)
 return (ruid != euid || rgid != egid);
 #endif
 }
+
+/*
+ * Permanently relinquish set-UID and set-GID privileges.
+ * Ignore errors for now - if we have the privileges, we should
+ * be able to relinquish them.
+ */
+void
+relinquish_special_privs_perm(void)
+{
+ setuid(ruid);
+ setgid(rgid);
+}
+
 #endif /* _WIN32 */
diff --git a/epan/privileges.h b/epan/privileges.h
index 71b7d535c7..a3fdae8691 100644
--- a/epan/privileges.h
+++ b/epan/privileges.h
@@ -32,3 +32,8 @@ extern void get_credential_info(void);
 * Was this program started with special privileges?
 */
 extern gboolean started_with_special_privs(void);
+
+/*
+ * Permanently relinquish special privileges.
+ */
+extern void relinquish_special_privs_perm(void);
diff --git a/tethereal.c b/tethereal.c
index b2d769e187..5d0cdb8666 100644
--- a/tethereal.c
+++ b/tethereal.c
@@ -1311,15 +1311,12 @@ main(int argc, char *argv[])
 * We're reading a capture file.
 */

-#ifndef _WIN32
 /*
- * Immediately relinquish any set-UID or set-GID privileges we have;
- * we must not be allowed to read any capture files the user running
- * Tethereal can't open.
+ * Immediately relinquish any special privileges we have; we must not
+ * be allowed to read any capture files the user running Tethereal
+ * can't open.
 */
- setuid(getuid());
- setgid(getgid());
-#endif
+ relinquish_special_privs_perm();

 if (cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) {
 epan_cleanup();
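Review bot: In the non-Windows `relinquish_special_privs_perm()` added at the end of epan/privileges.c, the user ID is dropped before the group ID and neither return value is checked, so the drop can be incomplete without anyone noticing. On systems with saved IDs, once `setuid(ruid)` has given up root, the following `setgid(rgid)` runs unprivileged and can only change the effective group ID, leaving the saved set-group-ID in place; a failed `setuid()` likewise leaves the process running with the privileges it was meant to lose. Drop the group first and refuse to continue on failure, for example `if (setgid(rgid) == -1 || setuid(ruid) == -1) abort();`. Both call sites in tethereal.c (before `cf_open()` in `main()` and after the device open in `capture()`) go on to open files on the assumption that the drop succeeded.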
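Review bot: The comment on the `relinquish_special_privs_perm()` declaration in epan/privileges.h does not state the contract that callers depend on. The implementation appears to use the `ruid`/`rgid` values cached by `get_credential_info()` instead of calling `getuid()`/`getgid()` as the removed tethereal.c code did, so the declaration should say that `get_credential_info()` must have been called first. It should also say that failures are not reported and that the routine does nothing on Windows, along the lines of `/* Permanently relinquish special privileges; get_credential_info() must be called first. Errors are ignored; no-op on Windows. */`.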
@@ -1457,21 +1454,19 @@ capture(int out_file_type)
 goto error;
 }

-#ifndef _WIN32
 /*
- * We've opened the capture device, so, if we're set-UID or set-GID,
- * relinquish those privileges.
+ * We've opened the capture device, so we shouldn't need any special
+ * privileges any more; relinquish those privileges.
 *
 * XXX - if we have saved set-user-ID support, we should give up those
 * privileges immediately, and then reclaim them long enough to get
 * a list of network interfaces and to open one, and then give them
 * up again, so that stuff we do while processing the argument list,
- * reading the user's preferences, etc. is done as the real user and
- * group, not the effective user and group.
+ * reading the user's preferences, loading and starting plugins
+ * (especially *user* plugins), etc. is done with the user's privileges,
+ * not special privileges.
 */
- setuid(getuid());
- setgid(getgid());
-#endif
+ relinquish_special_privs_perm();

 /* open the output file (temporary/specified name/ringbuffer/named pipe/stdout) */
 if (!capture_loop_open_output(&capture_opts, &save_file_fd, errmsg, sizeof(errmsg))) { |