diff options
author | Guy Harris <guy@alum.mit.edu> | 2014-06-30 16:11:58 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2014-06-30 23:12:32 +0000 |
commit | efafca71a338b4b938fea68429ea6871f9371673 (patch) | |
tree | 611f7a5d1a75fc53c43ebdc6f3f5154bbc286315 /tfshark.c | |
parent | ac88f7122055a5d352734ef63628fed8d57749b3 (diff) |
Drop privileges very early on.
TShark relies on dumpcap to capture packets, and TFShark doesn't even do
packet capturing (it dissects files, not network traffic), so neither of
them need, or should run with, special privileges. If you *must* run
with special privileges in order to capture, grant those privileges to
dumpcap, which has a *lot* fewer lines of code than libwireshark and
TShark/TFShark.
Change-Id: I8f8fedead355ca163895e025df37240d2f232ba4
Reviewed-on: https://code.wireshark.org/review/2736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'tfshark.c')
-rw-r--r-- | tfshark.c | 14 |
1 files changed, 5 insertions, 9 deletions
@@ -821,9 +821,13 @@ main(int argc, char *argv[]) #endif /* _WIN32 */ /* - * Get credential information for later use. + * Get credential information for later use, and drop privileges + * before doing anything else. + * Let the user know if anything happened. */ init_process_policies(); + relinquish_special_privs_perm(); + print_current_user(); /* * Attempt to get the pathname of the executable file. @@ -1427,14 +1431,6 @@ main(int argc, char *argv[]) * We're reading a capture file. */ - /* - * Immediately relinquish any special privileges we have; we must not - * be allowed to read any capture files the user running TShark - * can't open. - */ - relinquish_special_privs_perm(); - print_current_user(); - /* TODO: if tfshark is ever changed to give the user a choice of which open_routine reader to use, then the following needs to change. */ if (cf_open(&cfile, cf_name, WTAP_TYPE_AUTO, FALSE, &err) != CF_OK) { |