Add code to check whether the app was started with special privileges

(e.g., set-UID or set-GID), and don't load user plugs if it is. svn path=/trunk/; revision=17174
2006-02-06 03:11:34 +00:00 · 2006-02-06 03:11:34 +00:00 · 4c4f18eb3f
parent 41a8855e1b
commit 4c4f18eb3f
7 changed files with 156 additions and 4 deletions
--- a/configure.in
+++ b/configure.in
@ -1200,6 +1200,7 @@ AC_SUBST(STRPTIME_C)
 AC_SUBST(STRPTIME_O)

 AC_CHECK_FUNCS(getprotobynumber gethostbyname2)
+AC_CHECK_FUNCS(issetugid)

 dnl blank for now, but will be used in future
 AC_SUBST(ethereal_SUBDIRS)
--- a/epan/Makefile.common
+++ b/epan/Makefile.common
@ -64,6 +64,7 @@ LIBETHEREAL_SRC = 		\
 	packet.c		\
 	plugins.c		\
 	prefs.c			\
+	privileges.c		\
 	proto.c			\
 	radius_dict.c		\
 	range.c			\
@ -152,6 +153,7 @@ LIBETHEREAL_INCLUDES = 		\
 	ppptypes.h		\
 	prefs.h			\
 	prefs-int.h		\
+	privileges.h		\
 	proto.h			\
 	ptvcursor.h		\
 	range.h			\
--- a/epan/plugins.c
+++ b/epan/plugins.c
@ -49,6 +49,7 @@
 #endif

 #include "filesystem.h"
+#include "privileges.h"
 #include <wiretap/file_util.h>
 #include "report_err.h"

@ -415,11 +416,18 @@ init_plugins(const char *plugin_dir)
 	g_free(datafile_dir);

 	/*
-	 * Scan the users plugin directory.
+	 * If the program wasn't started with special privileges,
+	 * scan the users plugin directory.  (Even if we relinquish
+	 * them, plugins aren't safe unless we've *permanently*
+	 * relinquished them, and we can't do that in Ethereal as,
+	 * if we need privileges to start capturing, we'd need to
+	 * reclaim them before each time we start capturing.)
 	 */
-	datafile_dir = get_plugins_pers_dir();
-	plugins_scan_dir(datafile_dir);
-	g_free(datafile_dir);
+	if (!started_with_special_privs()) {
+	    datafile_dir = get_plugins_pers_dir();
+	    plugins_scan_dir(datafile_dir);
+	    g_free(datafile_dir);
+	}
    }
 }

--- a/epan/privileges.c
+++ b/epan/privileges.c
@ -0,0 +1,95 @@
+/* privileges.c
+ * Routines for handling privileges, e.g. set-UID and set-GID on UNIX.
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 2006 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+
+#include "privileges.h"
+
+#ifdef _WIN32
+
+/*
+ * Called when the program starts, to save whatever credential information
+ * we'll need later.
+ */
+void
+get_credential_info(void)
+{
+}
+
+/*
+ * For now, we say the program wasn't started with special privileges.
+ * There are ways of running programs with credentials other than those
+ * for the session in which it's run, but I don't know whether that'd be
+ * done with Ethereal/Tethereal or not.
+ */
+gboolean
+started_with_special_privs(void)
+{
+	return FALSE;
+}
+
+#else /* _WIN32 */
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+static uid_t ruid, euid;
+static gid_t rgid, egid;
+
+/*
+ * Called when the program starts, to save whatever credential information
+ * we'll need later.
+ * That'd be the real and effective UID and GID on UNIX.
+ */
+void
+get_credential_info(void)
+{
+	ruid = getuid();
+	euid = geteuid();
+	rgid = getgid();
+	egid = getegid();
+}
+
+/*
+ * "Started with special privileges" means "started out set-UID or set-GID".
+ */
+gboolean
+started_with_special_privs(void)
+{
+#ifdef HAVE_ISSETUGID
+	return issetugid();
+#else
+	return (ruid != euid || rgid != egid);
+#endif
+}
+#endif /* _WIN32 */
--- a/epan/privileges.h
+++ b/epan/privileges.h
@ -0,0 +1,34 @@
+/* privileges.h
+ * Declarations of routines for handling privileges.
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 2006 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/*
+ * Called when the program starts, to save whatever credential information
+ * we'll need later.
+ */
+extern void get_credential_info(void);
+
+/*
+ * Was this program started with special privileges?
+ */
+extern gboolean started_with_special_privs(void);
--- a/gtk/main.c
+++ b/gtk/main.c
@ -54,6 +54,7 @@

 #include <epan/epan.h>
 #include <epan/filesystem.h>
+#include <epan/privileges.h>
 #include <epan/epan_dissect.h>
 #include <epan/timestamp.h>
 #include <epan/packet.h>
@ -1912,6 +1913,11 @@ main(int argc, char *argv[])
  char optstring[sizeof(OPTSTRING_INIT) + sizeof(OPTSTRING_CHILD) + sizeof(OPTSTRING_WIN32) - 2] =
    OPTSTRING_INIT OPTSTRING_WIN32;

+  /*
+   * Get credential information for later use.
+   */
+  get_credential_info();
+
  /* initialize memory allocation subsystem */
  ep_init_chunk();
  se_init_chunk();
--- a/tethereal.c
+++ b/tethereal.c
@ -62,6 +62,7 @@
 #include <glib.h>
 #include <epan/epan.h>
 #include <epan/filesystem.h>
+#include <epan/privileges.h>
 #include <wiretap/file_util.h>

 #include "globals.h"
@ -694,6 +695,11 @@ main(int argc, char *argv[])

  static const char    optstring[] = OPTSTRING_INIT OPTSTRING_WIN32;

+  /*
+   * Get credential information for later use.
+   */
+  get_credential_info();
+
  /* nothing more than the standard GLib handler, but without a warning */
  log_flags = 
 		    G_LOG_LEVEL_ERROR|