authorGuy Harris <guy@alum.mit.edu>2006-02-06 10:27:27 +0000
committerGuy Harris <guy@alum.mit.edu>2006-02-06 10:27:27 +0000
commitc897da2ded8abf510f60bf368e24ac1f8442fada (patch)
tree5614947fbb5d835d8165eab102d14dbb2496bd7c
parent4a2048a5efa3d3f0ff376e886ffa69f163333248 (diff)
Move the code to relinquish set-UID and set-GID privileges to a routine
in epan/privileges.c. svn path=/trunk/; revision=17181
-rw-r--r--epan/privileges.c21
-rw-r--r--epan/privileges.h5
-rw-r--r--tethereal.c25
3 files changed, 36 insertions, 15 deletions
diff --git a/epan/privileges.c b/epan/privileges.c
index 8739cb9fba..af4de43c3c 100644
--- a/epan/privileges.c
+++ b/epan/privileges.c
@@ -53,6 +53,14 @@ started_with_special_privs(void)
return FALSE;
}
+/*
+ * For now, we don't do anything when asked to relinquish special privileges.
+ */
+void
+relinquish_special_privs_perm(void)
+{
+}
+
#else /* _WIN32 */
#ifdef HAVE_SYS_TYPES_H
@@ -92,4 +100,17 @@ started_with_special_privs(void)
return (ruid != euid || rgid != egid);
#endif
}
+
+/*
+ * Permanently relinquish set-UID and set-GID privileges.
+ * Ignore errors for now - if we have the privileges, we should
+ * be able to relinquish them.
+ */
+void
+relinquish_special_privs_perm(void)
+{
+ setuid(ruid);
+ setgid(rgid);
+}
+
#endif /* _WIN32 */
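Review bot: In the non-Windows `relinquish_special_privs_perm()`, `setuid(ruid)` runs before `setgid(rgid)` and both return values are discarded. If the process is set-UID root, the user ID is dropped first, so the later `setgid()` is made without privilege and may change only the effective group ID, leaving a saved set-group-ID that could be reclaimed. A failed call also leaves the process running with the privileges that both call sites assume are gone. Drop the group first and fail closed, e.g. `if (setgid(rgid) == -1 || setuid(ruid) == -1) { perror("relinquish_special_privs_perm"); exit(1); }`, and update the "Ignore errors for now" comment to match. The function body is complete within this hunk.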
diff --git a/epan/privileges.h b/epan/privileges.h
index 71b7d535c7..a3fdae8691 100644
--- a/epan/privileges.h
+++ b/epan/privileges.h
@@ -32,3 +32,8 @@ extern void get_credential_info(void);
* Was this program started with special privileges?
*/
extern gboolean started_with_special_privs(void);
+
+/*
+ * Permanently relinquish special privileges.
+ */
+extern void relinquish_special_privs_perm(void);
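Review bot: The declaration comment for `relinquish_special_privs_perm()` does not say what a caller must do first or what it can rely on afterwards. The implementation in epan/privileges.c uses `ruid` and `rgid` rather than the `getuid()`/`getgid()` calls it replaces in tethereal.c. Those look like values cached by `get_credential_info()` (their definitions are outside the visible hunks), so call order matters at both tethereal.c call sites. I would extend the comment to something like `/* Permanently relinquish special privileges. get_credential_info() must have been called first. Does nothing on Windows; errors are not reported. */`.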
diff --git a/tethereal.c b/tethereal.c
index b2d769e187..5d0cdb8666 100644
--- a/tethereal.c
+++ b/tethereal.c
@@ -1311,15 +1311,12 @@ main(int argc, char *argv[])
* We're reading a capture file.
*/
-#ifndef _WIN32
/*
- * Immediately relinquish any set-UID or set-GID privileges we have;
- * we must not be allowed to read any capture files the user running
- * Tethereal can't open.
+ * Immediately relinquish any special privileges we have; we must not
+ * be allowed to read any capture files the user running Tethereal
+ * can't open.
*/
- setuid(getuid());
- setgid(getgid());
-#endif
+ relinquish_special_privs_perm();
if (cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) {
epan_cleanup();
@@ -1457,21 +1454,19 @@ capture(int out_file_type)
goto error;
}
-#ifndef _WIN32
/*
- * We've opened the capture device, so, if we're set-UID or set-GID,
- * relinquish those privileges.
+ * We've opened the capture device, so we shouldn't need any special
+ * privileges any more; relinquish those privileges.
*
* XXX - if we have saved set-user-ID support, we should give up those
* privileges immediately, and then reclaim them long enough to get
* a list of network interfaces and to open one, and then give them
* up again, so that stuff we do while processing the argument list,
- * reading the user's preferences, etc. is done as the real user and
- * group, not the effective user and group.
+ * reading the user's preferences, loading and starting plugins
+ * (especially *user* plugins), etc. is done with the user's privileges,
+ * not special privileges.
*/
- setuid(getuid());
- setgid(getgid());
-#endif
+ relinquish_special_privs_perm();
/* open the output file (temporary/specified name/ringbuffer/named pipe/stdout) */
if (!capture_loop_open_output(&capture_opts, &save_file_fd, errmsg, sizeof(errmsg))) {