From dd67b7755e42577c175dbd227baa405747b15cd0 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sun, 24 Jul 2016 22:46:32 +0000 Subject: [PATCH] Split the root vs not-root cases better with regards to chroot setup. ok kettenis benno tedu canacar --- usr.sbin/tcpdump/privsep.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c index 8bc37b65795..cdc19141dd2 100644 --- a/usr.sbin/tcpdump/privsep.c +++ b/usr.sbin/tcpdump/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.41 2016/07/21 07:22:38 deraadt Exp $ */ +/* $OpenBSD: privsep.c,v 1.42 2016/07/24 22:46:32 deraadt Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -164,26 +164,29 @@ priv_init(int argc, char **argv) sigprocmask(SIG_SETMASK, &oset, NULL); /* - * Parent, attempt to drop privs and chroot. If any of this - * fails that is OK, safety is still provided by pledge(2). + * If run as regular user, packet parser will rely on + * pledge(2). If we are root, we want to chroot also.. */ + if (getuid() != 0) + return (0); + pw = getpwnam("_tcpdump"); if (pw == NULL) - return (0); + errx(1, "unknown user _tcpdump"); /* Attempt to chroot */ if (chroot(pw->pw_dir) == -1) - return (0); + errx(1, "unable to chroot"); if (chdir("/") == -1) - return (0); + err(1, "unable to chdir"); /* drop to _tcpdump */ if (setgroups(1, &pw->pw_gid) == -1) - return (0); + err(1, "setgroups() failed"); if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) - return (0); + err(1, "setresgid() failed"); if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) - return (0); + err(1, "setresuid() failed"); return (0); } -- 2.20.1