diff options
author | tuexen <tuexen@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-19 20:48:58 +0000 |
---|---|---|
committer | tuexen <tuexen@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-05-19 20:48:58 +0000 |
commit | db50fef0aa5424ed376dfcb9b1acb474f5be2375 (patch) | |
tree | e827ff497e18ca36388a184efe2cec1a1718053f /dumpcap.c | |
parent | 7e61411cda09708b66d296373593e21be936968b (diff) |
Drop privileges after opening all pcap devices, not after the first one...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37311 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'dumpcap.c')
-rw-r--r-- | dumpcap.c | 32 |
1 files changed, 20 insertions, 12 deletions
@@ -617,18 +617,6 @@ open_capture_device(interface_options *interface_opts, *open_err_str); #endif } - - /* If not using libcap: we now can now set euid/egid to ruid/rgid */ - /* to remove any suid privileges. */ - /* If using libcap: we can now remove NET_RAW and NET_ADMIN capabilities */ - /* (euid/egid have already previously been set to ruid/rgid. */ - /* (See comment in main() for details) */ -#ifndef HAVE_LIBCAP - relinquish_special_privs_perm(); -#else - relinquish_all_capabilities(); -#endif - return pcap_h; } @@ -803,6 +791,16 @@ show_filter_code(capture_options *capture_opts) for (i = 0; i < fcode.bf_len; insn++, i++) printf("%s\n", bpf_image(insn, i)); } + /* If not using libcap: we now can now set euid/egid to ruid/rgid */ + /* to remove any suid privileges. */ + /* If using libcap: we can now remove NET_RAW and NET_ADMIN capabilities */ + /* (euid/egid have already previously been set to ruid/rgid. */ + /* (See comment in main() for details) */ +#ifndef HAVE_LIBCAP + relinquish_special_privs_perm(); +#else + relinquish_all_capabilities(); +#endif if (capture_child) { /* Let our parent know we succeeded. */ pipe_write_block(2, SP_SUCCESS, NULL); @@ -2390,6 +2388,16 @@ capture_loop_open_input(capture_options *capture_opts, loop_data *ld, g_array_append_val(ld->pcaps, pcap_opts); } + /* If not using libcap: we now can now set euid/egid to ruid/rgid */ + /* to remove any suid privileges. */ + /* If using libcap: we can now remove NET_RAW and NET_ADMIN capabilities */ + /* (euid/egid have already previously been set to ruid/rgid. */ + /* (See comment in main() for details) */ +#ifndef HAVE_LIBCAP + relinquish_special_privs_perm(); +#else + relinquish_all_capabilities(); +#endif return TRUE; } |