diff options
Diffstat (limited to 'main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch')
| -rw-r--r-- | main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch b/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch new file mode 100644 index 0000000000..b0283e6a65 --- /dev/null +++ b/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch @@ -0,0 +1,147 @@ +diff -Naru arpwatch-2.1a15.orig/arpwatch.8 arpwatch-2.1a15/arpwatch.8 +--- arpwatch-2.1a15.orig/arpwatch.8 2006-09-23 22:13:55.000000000 +0400 ++++ arpwatch-2.1a15/arpwatch.8 2006-09-23 22:15:30.000000000 +0400 +@@ -75,6 +75,18 @@ + [ + .B -a + ] ++.br ++.ti +8 ++[ ++.B -u ++.I username ++] ++.br ++.ti +8 ++[ ++.B -R ++.I seconds ++] + .ad + .SH DESCRIPTION + .B Arpwatch +@@ -159,6 +171,32 @@ + .B -N + is given). (This feature comes from Debian). + .LP ++The ++.B -u ++flag instructs ++.B arpwatch ++to drop root privileges and change the UID to ++.I username ++and GID to the primary group of ++.IR username . ++This is recommended for security reasons, but ++.I username ++has to have write access to the default directory. (This feature comes from Debian). ++.LP ++The ++.B -R ++flag instructs ++.B arpwatch ++to restart in ++.I seconds ++seconds after the interface went down. By default, in such cases ++arpwatch would print an error message and exit. This option is ++ignored if either the ++.B -r ++or ++.B -u ++flags are used. (This feature comes from Debian). ++.LP + Note that an empty + .I arp.dat + file must be created before the first time you run +diff -Naru arpwatch-2.1a15.orig/arpwatch.c arpwatch-2.1a15/arpwatch.c +--- arpwatch-2.1a15.orig/arpwatch.c 2006-09-23 22:13:55.000000000 +0400 ++++ arpwatch-2.1a15/arpwatch.c 2006-09-23 22:11:41.000000000 +0400 +@@ -62,7 +62,8 @@ + #include <string.h> + #include <syslog.h> + #include <unistd.h> +- ++#include <pwd.h> ++#include <grp.h> + #include <pcap.h> + + #include "gnuc.h" +@@ -144,6 +145,24 @@ + + static char *interface; + ++void dropprivileges(const char* user) ++{ ++ struct passwd* pw; ++ pw = getpwnam( user ); ++ if ( pw ) { ++ if ( initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 || ++ setuid(pw->pw_uid) != 0 ) { ++ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,pw->pw_uid, pw->pw_gid); ++ exit(1); ++ } ++ } ++ else { ++ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user); ++ exit(1); ++ } ++ syslog(LOG_INFO, "Running as uid=%d gid=%d", getuid(), getgid()); ++} ++ + int + main(int argc, char **argv) + { +@@ -156,6 +175,7 @@ + register char *rfilename; + struct bpf_program code; + char errbuf[PCAP_ERRBUF_SIZE]; ++ char* username = NULL; + char options[] = + "d" + "f:" +@@ -167,6 +187,7 @@ + "s:" + "p" + "a" ++ "u:" + ; + + if (argv[0] == NULL) +@@ -233,6 +254,10 @@ + ++allsubnets; + break; + ++ case 'u': ++ username = optarg; ++ break; ++ + default: + usage(); + } +@@ -310,12 +335,16 @@ + #endif + } + ++ if ( username ) { ++ dropprivileges( username ); ++ } else { + /* + * Revert to non-privileged user after opening sockets + * (not needed on most systems). + */ +- setgid(getgid()); +- setuid(getuid()); ++ setgid(getgid()); ++ setuid(getuid()); ++ } + + /* Must be ethernet or fddi */ + linktype = pcap_datalink(pd); +@@ -793,6 +822,7 @@ + "[-s sendmail_path] " + "[-p] " + "[-a] " ++ "[-u username] " + "\n" + ; + |