X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Foptions.c;h=a85239abb0c523908e2e51d69d2b296b79754fb2;hb=dd39af173ba7e20360fff462cd5848aeb9471a4c;hp=fb83dee1f8b092623d7d862613c10b638a7d932b;hpb=0b6b481854230b3ea1e613f05800f17eb4fcc204;p=ppp.git diff --git a/pppd/options.c b/pppd/options.c index fb83dee..a85239a 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -40,7 +40,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: options.c,v 1.97 2005/07/09 04:58:36 paulus Exp $" +#define RCSID "$Id: options.c,v 1.100 2006/06/18 11:26:00 paulus Exp $" #include #include @@ -58,14 +58,19 @@ #ifdef PPP_FILTER #include /* - * DLT_PPP_WITH_DIRECTION is in current libpcap cvs, and should be in - * libpcap-0.8.4. Until that is released, use DLT_PPP - but that means + * There have been 3 or 4 different names for this in libpcap CVS, but + * this seems to be what they have settled on... + * For older versions of libpcap, use DLT_PPP - but that means * we lose the inbound and outbound qualifiers. */ -#ifndef DLT_PPP_WITHDIRECTION -#define DLT_PPP_WITHDIRECTION DLT_PPP +#ifndef DLT_PPP_PPPD +#ifdef DLT_PPP_WITHDIRECTION +#define DLT_PPP_PPPD DLT_PPP_WITHDIRECTION +#else +#define DLT_PPP_PPPD DLT_PPP #endif #endif +#endif /* PPP_FILTER */ #include "pppd.h" #include "pathnames.h" @@ -394,16 +399,20 @@ options_from_file(filename, must_exist, check_prot, priv) option_t *opt; int oldpriv, n; char *oldsource; + uid_t euid; char *argv[MAXARGS]; char args[MAXARGS][MAXWORDLEN]; char cmd[MAXWORDLEN]; - if (check_prot) - seteuid(getuid()); + euid = geteuid(); + if (check_prot && seteuid(getuid()) == -1) { + option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } f = fopen(filename, "r"); err = errno; - if (check_prot) - seteuid(0); + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); if (f == NULL) { errno = err; if (!must_exist) { @@ -1449,7 +1458,7 @@ setpassfilter(argv) pcap_t *pc; int ret = 1; - pc = pcap_open_dead(DLT_PPP_WITHDIRECTION, 65535); + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { option_error("error in pass-filter expression: %s\n", pcap_geterr(pc)); @@ -1470,7 +1479,7 @@ setactivefilter(argv) pcap_t *pc; int ret = 1; - pc = pcap_open_dead(DLT_PPP_WITHDIRECTION, 65535); + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { option_error("error in active-filter expression: %s\n", pcap_geterr(pc)); @@ -1505,15 +1514,19 @@ setlogfile(argv) char **argv; { int fd, err; + uid_t euid; - if (!privileged_option) - seteuid(getuid()); + euid = geteuid(); + if (!privileged_option && seteuid(getuid()) == -1) { + option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); if (fd < 0 && errno == EEXIST) fd = open(*argv, O_WRONLY | O_APPEND); err = errno; - if (!privileged_option) - seteuid(0); + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); if (fd < 0) { errno = err; option_error("Can't open log file %s: %m", *argv);