aboutsummaryrefslogtreecommitdiffstats
path: root/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch')
-rw-r--r--main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch147
1 files changed, 147 insertions, 0 deletions
diff --git a/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch b/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch
new file mode 100644
index 000000000..b0283e6a6
--- /dev/null
+++ b/main/arpwatch/08_all_arpwatch-2.1a15-drop-priveleges.patch
@@ -0,0 +1,147 @@
+diff -Naru arpwatch-2.1a15.orig/arpwatch.8 arpwatch-2.1a15/arpwatch.8
+--- arpwatch-2.1a15.orig/arpwatch.8 2006-09-23 22:13:55.000000000 +0400
++++ arpwatch-2.1a15/arpwatch.8 2006-09-23 22:15:30.000000000 +0400
+@@ -75,6 +75,18 @@
+ [
+ .B -a
+ ]
++.br
++.ti +8
++[
++.B -u
++.I username
++]
++.br
++.ti +8
++[
++.B -R
++.I seconds
++]
+ .ad
+ .SH DESCRIPTION
+ .B Arpwatch
+@@ -159,6 +171,32 @@
+ .B -N
+ is given). (This feature comes from Debian).
+ .LP
++The
++.B -u
++flag instructs
++.B arpwatch
++to drop root privileges and change the UID to
++.I username
++and GID to the primary group of
++.IR username .
++This is recommended for security reasons, but
++.I username
++has to have write access to the default directory. (This feature comes from Debian).
++.LP
++The
++.B -R
++flag instructs
++.B arpwatch
++to restart in
++.I seconds
++seconds after the interface went down. By default, in such cases
++arpwatch would print an error message and exit. This option is
++ignored if either the
++.B -r
++or
++.B -u
++flags are used. (This feature comes from Debian).
++.LP
+ Note that an empty
+ .I arp.dat
+ file must be created before the first time you run
+diff -Naru arpwatch-2.1a15.orig/arpwatch.c arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15.orig/arpwatch.c 2006-09-23 22:13:55.000000000 +0400
++++ arpwatch-2.1a15/arpwatch.c 2006-09-23 22:11:41.000000000 +0400
+@@ -62,7 +62,8 @@
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
+-
++#include <pwd.h>
++#include <grp.h>
+ #include <pcap.h>
+
+ #include "gnuc.h"
+@@ -144,6 +145,24 @@
+
+ static char *interface;
+
++void dropprivileges(const char* user)
++{
++ struct passwd* pw;
++ pw = getpwnam( user );
++ if ( pw ) {
++ if ( initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 ||
++ setuid(pw->pw_uid) != 0 ) {
++ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,pw->pw_uid, pw->pw_gid);
++ exit(1);
++ }
++ }
++ else {
++ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
++ exit(1);
++ }
++ syslog(LOG_INFO, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -156,6 +175,7 @@
+ register char *rfilename;
+ struct bpf_program code;
+ char errbuf[PCAP_ERRBUF_SIZE];
++ char* username = NULL;
+ char options[] =
+ "d"
+ "f:"
+@@ -167,6 +187,7 @@
+ "s:"
+ "p"
+ "a"
++ "u:"
+ ;
+
+ if (argv[0] == NULL)
+@@ -233,6 +254,10 @@
+ ++allsubnets;
+ break;
+
++ case 'u':
++ username = optarg;
++ break;
++
+ default:
+ usage();
+ }
+@@ -310,12 +335,16 @@
+ #endif
+ }
+
++ if ( username ) {
++ dropprivileges( username );
++ } else {
+ /*
+ * Revert to non-privileged user after opening sockets
+ * (not needed on most systems).
+ */
+- setgid(getgid());
+- setuid(getuid());
++ setgid(getgid());
++ setuid(getuid());
++ }
+
+ /* Must be ethernet or fddi */
+ linktype = pcap_datalink(pd);
+@@ -793,6 +822,7 @@
+ "[-s sendmail_path] "
+ "[-p] "
+ "[-a] "
++ "[-u username] "
+ "\n"
+ ;
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-26 07:56:29 +0000