diff options
-rw-r--r-- | capinfos.c | 2 | ||||
-rw-r--r-- | config.nmake | 10 | ||||
-rw-r--r-- | dftest.c | 2 | ||||
-rw-r--r-- | dumpcap.c | 2 | ||||
-rw-r--r-- | editcap.c | 14 | ||||
-rw-r--r-- | gtk/main.c | 2 | ||||
-rw-r--r-- | rawshark.c | 4 | ||||
-rw-r--r-- | tshark.c | 2 | ||||
-rw-r--r-- | wsutil/libwsutil.def | 2 | ||||
-rw-r--r-- | wsutil/privileges.c | 21 | ||||
-rw-r--r-- | wsutil/privileges.h | 6 |
11 files changed, 44 insertions, 23 deletions
diff --git a/capinfos.c b/capinfos.c index 97d852cfef..08017999b4 100644 --- a/capinfos.c +++ b/capinfos.c @@ -816,7 +816,7 @@ main(int argc, char *argv[]) /* * Get credential information for later use. */ - get_credential_info(); + init_process_policies(); #ifdef HAVE_PLUGINS /* Register wiretap plugins */ diff --git a/config.nmake b/config.nmake index eaa3eced3b..f6e7885fe8 100644 --- a/config.nmake +++ b/config.nmake @@ -780,6 +780,7 @@ LOCAL_CFLAGS=$(LOCAL_CFLAGS) /D_BIND_TO_CURRENT_CRT_VERSION=1 !IF "$(MSVC_VARIANT)" == "MSVC2008" || "$(MSVC_VARIANT)" == "MSVC2008EE" || "$(MSVC_VARIANT)" == "MSVC2010" || "$(MSVC_VARIANT)" == "MSVC2010EE" LOCAL_CFLAGS= $(LOCAL_CFLAGS) /MP !ENDIF + # Linker flags: # /DEBUG generate debug info # /PROFILE generate map file(s) for profiling @@ -792,6 +793,15 @@ DLL_LDFLAGS = DLL_LDFLAGS = /MANIFEST:no !ENDIF +# Enable ASLR. Requires VS2008 or later. +# http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx +# DEP is handled in init_process_policies() + +# ASLR http://msdn.microsoft.com/en-us/library/bb384887.aspx +!IF $(MSC_VER_REQUIRED) >= 1500 +LOCAL_LDFLAGS= $(LOCAL_LDFLAGS) /DYNAMICBASE +!ENDIF + PLUGIN_LDFLAGS = /NOLOGO /INCREMENTAL:no $(LOCAL_LDFLAGS) $(DLL_LDFLAGS) # @@ -68,7 +68,7 @@ main(int argc, char **argv) /* * Get credential information for later use. */ - get_credential_info(); + init_process_policies(); /* * Attempt to get the pathname of the executable file. @@ -3569,7 +3569,7 @@ main(int argc, char *argv[]) /* */ /* ----------------------------------------------------------------- */ - get_credential_info(); + init_process_policies(); #ifdef HAVE_LIBCAP /* If 'started with special privileges' (and using libcap) */ @@ -383,9 +383,9 @@ set_strict_time_adj(char *optarg_str_p) optarg_str_p++; } - /* - * check for a negative adjustment - * A negative strict adjustment value is a flag + /* + * check for a negative adjustment + * A negative strict adjustment value is a flag * to adjust all frames by the specifed delta time. */ if (*optarg_str_p == '-') { @@ -807,7 +807,7 @@ main(int argc, char *argv[]) /* * Get credential information for later use. */ - get_credential_info(); + init_process_policies(); #ifdef HAVE_PLUGINS /* Register wiretap plugins */ @@ -1226,9 +1226,9 @@ main(int argc, char *argv[]) phdr = &snap_phdr; } } else { - /* - * A negative strict time adjustment is requested. - * Unconditionally set each timestamp to previous + /* + * A negative strict time adjustment is requested. + * Unconditionally set each timestamp to previous * packet's timestamp plus delta. */ snap_phdr = *phdr; diff --git a/gtk/main.c b/gtk/main.c index 7c52b8f13b..d70880e382 100644 --- a/gtk/main.c +++ b/gtk/main.c @@ -2116,7 +2116,7 @@ main(int argc, char *argv[]) * before doing anything else. * Let the user know if anything happened. */ - get_credential_info(); + init_process_policies(); relinquish_special_privs_perm(); /* diff --git a/rawshark.c b/rawshark.c index 05eba3c3ea..4218941eca 100644 --- a/rawshark.c +++ b/rawshark.c @@ -453,7 +453,7 @@ main(int argc, char *argv[]) /* * Get credential information for later use. */ - get_credential_info(); + init_process_policies(); /* * Clear the filters arrays @@ -480,7 +480,7 @@ main(int argc, char *argv[]) /* * Get credential information for later use. */ - get_credential_info(); + init_process_policies(); /* nothing more than the standard GLib handler, but without a warning */ log_flags = @@ -824,7 +824,7 @@ main(int argc, char *argv[]) /* * Get credential information for later use. */ - get_credential_info(); + init_process_policies(); /* * Attempt to get the pathname of the executable file. diff --git a/wsutil/libwsutil.def b/wsutil/libwsutil.def index 1dff793519..a0d4ed1b47 100644 --- a/wsutil/libwsutil.def +++ b/wsutil/libwsutil.def @@ -42,7 +42,7 @@ mpa_samples mpa_version ; privileges.c -get_credential_info +init_process_policies get_cur_groupname get_cur_username npf_sys_is_running diff --git a/wsutil/privileges.c b/wsutil/privileges.c index 19adbd3d70..4cd1ae4adb 100644 --- a/wsutil/privileges.c +++ b/wsutil/privileges.c @@ -44,8 +44,19 @@ * we'll need later. */ void -get_credential_info(void) +init_process_policies(void) { + typedef BOOL (*SetProcessDEPPolicyHandler)(DWORD); + SetProcessDEPPolicyHandler PSetProcessDEPPolicy; + +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 1 +#endif + + if (PSetProcessDEPPolicy = (SetProcessDEPPolicyHandler) GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "SetProcessDEPPolicy")) { + PSetProcessDEPPolicy(PROCESS_DEP_ENABLE); + } + npf_sys_is_running(); } @@ -149,7 +160,7 @@ npf_sys_is_running() { static uid_t ruid, euid; static gid_t rgid, egid; -static gboolean get_credential_info_called = FALSE; +static gboolean init_process_polices_called = FALSE; /* * Called when the program starts, to save whatever credential information @@ -157,14 +168,14 @@ static gboolean get_credential_info_called = FALSE; * That'd be the real and effective UID and GID on UNIX. */ void -get_credential_info(void) +init_process_polices(void) { ruid = getuid(); euid = geteuid(); rgid = getgid(); egid = getegid(); - get_credential_info_called = TRUE; + init_process_polices_called = TRUE; } /* @@ -174,7 +185,7 @@ get_credential_info(void) gboolean started_with_special_privs(void) { - g_assert(get_credential_info_called); + g_assert(init_process_polices_called); #ifdef HAVE_ISSETUGID return issetugid(); #else diff --git a/wsutil/privileges.h b/wsutil/privileges.h index e45b77807f..7526a8ce75 100644 --- a/wsutil/privileges.h +++ b/wsutil/privileges.h @@ -23,10 +23,10 @@ */ /** - * Called when the program starts, to save whatever credential information - * we'll need later. + * Called when the program starts, to enable security features and save + * whatever credential information we'll need later. */ -extern void get_credential_info(void); +extern void init_process_policies(void); /** * Was this program started with special privileges? get_credential_info() |