commit 6b21958ad199049a89afd757ec0cfc26a9510dc8
parent 97e4e6cd23c8ddcc3810f53303f6443a5d297f47
Author: Jordan Ritter <jpr5@darkridge.com>
Date: Sat, 27 Dec 2003 01:14:23 +0000
changes for supporting --with-nonroot-dropprivs (drop privileges even
when not root)
Diffstat:
| M | Makefile.in | | | 4 | +++- |
| M | configure | | | 198 | +++++++++++++++++++++++++++++++++++++++++++------------------------------------ |
| M | configure.in | | | 25 | +++++++++++++++++++++---- |
| M | ngrep.c | | | 22 | ++++++++++++++++------ |
4 files changed, 149 insertions(+), 100 deletions(-)
diff --git a/Makefile.in b/Makefile.in
@@ -9,7 +9,7 @@
CC=@CC@
INCLUDES=-I@srcdir@ @PCAP_INCLUDE@
-CFLAGS=@CFLAGS@ @DEFS@ -DSAFE_USER='"@SAFE_USER@"'
+CFLAGS=@CFLAGS@ @DEFS@ -DSAFE_USER='"@SAFE_USER@"' -DDROP_ONLY_ROOT=@DROP_ONLY_ROOT@
LDFLAGS=@LDFLAGS@ @PCAP_LINK@
LIBS=-lpcap @EXTRA_LIBS@
STRIPFLAG=@STRIPFLAG@
@@ -48,6 +48,8 @@ pcre:
regex:
@( cd regex-0.12; make $(REGEX_OBJS) && cp -f $(REGEX_OBJS) .. )
+$(OBJS): Makefile
+
.c.o:
$(CC) $(CFLAGS) $(INCLUDES) -g -c $<
diff --git a/configure b/configure
@@ -12,13 +12,15 @@ ac_help=
ac_default_prefix=/usr/local
# Any additions from configure.in:
ac_help="$ac_help
- --with-pcap-includes specify the pcap include directory"
+ --with-pcap-includes specify the pcap include directory"
ac_help="$ac_help
- --with-pcre use PCRE instead of GNU regex"
+ --with-pcre use PCRE instead of GNU regex"
ac_help="$ac_help
- --with-safe-user use user instead of "nobody" for dropprivs"
+ --with-safe-user use user instead of "nobody" for dropprivs"
ac_help="$ac_help
- --with-restart use libpcap restart func"
+ --with-nonroot-dropprivs drop privs even if not root"
+ac_help="$ac_help
+ --with-restart use libpcap restart func"
# Initialize some variables set by options.
# The variables have the same names as the options, with
@@ -577,7 +579,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
fi
echo $ac_n "checking host system type""... $ac_c" 1>&6
-echo "configure:581: checking host system type" >&5
+echo "configure:583: checking host system type" >&5
host_alias=$host
case "$host_alias" in
@@ -598,7 +600,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$ac_t""$host" 1>&6
echo $ac_n "checking target system type""... $ac_c" 1>&6
-echo "configure:602: checking target system type" >&5
+echo "configure:604: checking target system type" >&5
target_alias=$target
case "$target_alias" in
@@ -616,7 +618,7 @@ target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$ac_t""$target" 1>&6
echo $ac_n "checking build system type""... $ac_c" 1>&6
-echo "configure:620: checking build system type" >&5
+echo "configure:622: checking build system type" >&5
build_alias=$build
case "$build_alias" in
@@ -642,7 +644,7 @@ test "$host_alias" != "$target_alias" &&
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:646: checking for $ac_word" >&5
+echo "configure:648: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -672,7 +674,7 @@ if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:676: checking for $ac_word" >&5
+echo "configure:678: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -723,7 +725,7 @@ fi
# Extract the first word of "cl", so it can be a program name with args.
set dummy cl; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:727: checking for $ac_word" >&5
+echo "configure:729: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -755,7 +757,7 @@ fi
fi
echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:759: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+echo "configure:761: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
@@ -766,12 +768,12 @@ cross_compiling=$ac_cv_prog_cc_cross
cat > conftest.$ac_ext << EOF
-#line 770 "configure"
+#line 772 "configure"
#include "confdefs.h"
main(){return(0);}
EOF
-if { (eval echo configure:775: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:777: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
ac_cv_prog_cc_works=yes
# If we can't run a trivial program, we are probably using a cross compiler.
if (./conftest; exit) 2>/dev/null; then
@@ -797,12 +799,12 @@ if test $ac_cv_prog_cc_works = no; then
{ echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
fi
echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:801: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "configure:803: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
cross_compiling=$ac_cv_prog_cc_cross
echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:806: checking whether we are using GNU C" >&5
+echo "configure:808: checking whether we are using GNU C" >&5
if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -811,7 +813,7 @@ else
yes;
#endif
EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:815: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:817: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
ac_cv_prog_gcc=yes
else
ac_cv_prog_gcc=no
@@ -830,7 +832,7 @@ ac_test_CFLAGS="${CFLAGS+set}"
ac_save_CFLAGS="$CFLAGS"
CFLAGS=
echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:834: checking whether ${CC-cc} accepts -g" >&5
+echo "configure:836: checking whether ${CC-cc} accepts -g" >&5
if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -866,7 +868,7 @@ echo $ac_n "checking for prefix by $ac_c" 1>&6
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:870: checking for $ac_word" >&5
+echo "configure:872: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_GCC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -905,7 +907,7 @@ fi
echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:909: checking how to run the C preprocessor" >&5
+echo "configure:911: checking how to run the C preprocessor" >&5
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
CPP=
@@ -920,13 +922,13 @@ else
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp.
cat > conftest.$ac_ext <<EOF
-#line 924 "configure"
+#line 926 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:930: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:932: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -937,13 +939,13 @@ else
rm -rf conftest*
CPP="${CC-cc} -E -traditional-cpp"
cat > conftest.$ac_ext <<EOF
-#line 941 "configure"
+#line 943 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:947: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -954,13 +956,13 @@ else
rm -rf conftest*
CPP="${CC-cc} -nologo -E"
cat > conftest.$ac_ext <<EOF
-#line 958 "configure"
+#line 960 "configure"
#include "confdefs.h"
#include <assert.h>
Syntax Error
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:964: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:966: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
@@ -985,12 +987,12 @@ fi
echo "$ac_t""$CPP" 1>&6
echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:989: checking for ANSI C header files" >&5
+echo "configure:991: checking for ANSI C header files" >&5
if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 994 "configure"
+#line 996 "configure"
#include "confdefs.h"
#include <stdlib.h>
#include <stdarg.h>
@@ -998,7 +1000,7 @@ else
#include <float.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1002: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1004: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1015,7 +1017,7 @@ rm -f conftest*
if test $ac_cv_header_stdc = yes; then
# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
cat > conftest.$ac_ext <<EOF
-#line 1019 "configure"
+#line 1021 "configure"
#include "confdefs.h"
#include <string.h>
EOF
@@ -1033,7 +1035,7 @@ fi
if test $ac_cv_header_stdc = yes; then
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
cat > conftest.$ac_ext <<EOF
-#line 1037 "configure"
+#line 1039 "configure"
#include "confdefs.h"
#include <stdlib.h>
EOF
@@ -1054,7 +1056,7 @@ if test "$cross_compiling" = yes; then
:
else
cat > conftest.$ac_ext <<EOF
-#line 1058 "configure"
+#line 1060 "configure"
#include "confdefs.h"
#include <ctype.h>
#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -1065,7 +1067,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
exit (0); }
EOF
-if { (eval echo configure:1069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
:
else
@@ -1089,12 +1091,12 @@ EOF
fi
echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1093: checking for working const" >&5
+echo "configure:1095: checking for working const" >&5
if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1098 "configure"
+#line 1100 "configure"
#include "confdefs.h"
int main() {
@@ -1143,7 +1145,7 @@ ccp = (char const *const *) p;
; return 0; }
EOF
-if { (eval echo configure:1147: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1149: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_c_const=yes
else
@@ -1164,12 +1166,12 @@ EOF
fi
echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:1168: checking for size_t" >&5
+echo "configure:1170: checking for size_t" >&5
if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1173 "configure"
+#line 1175 "configure"
#include "confdefs.h"
#include <sys/types.h>
#if STDC_HEADERS
@@ -1197,12 +1199,12 @@ EOF
fi
echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:1201: checking return type of signal handlers" >&5
+echo "configure:1203: checking return type of signal handlers" >&5
if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1206 "configure"
+#line 1208 "configure"
#include "confdefs.h"
#include <sys/types.h>
#include <signal.h>
@@ -1219,7 +1221,7 @@ int main() {
int i;
; return 0; }
EOF
-if { (eval echo configure:1223: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1225: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
ac_cv_type_signal=void
else
@@ -1240,19 +1242,19 @@ EOF
# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
# for constant arguments. Useless!
echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6
-echo "configure:1244: checking for working alloca.h" >&5
+echo "configure:1246: checking for working alloca.h" >&5
if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1249 "configure"
+#line 1251 "configure"
#include "confdefs.h"
#include <alloca.h>
int main() {
char *p = alloca(2 * sizeof(int));
; return 0; }
EOF
-if { (eval echo configure:1256: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1258: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ac_cv_header_alloca_h=yes
else
@@ -1273,12 +1275,12 @@ EOF
fi
echo $ac_n "checking for alloca""... $ac_c" 1>&6
-echo "configure:1277: checking for alloca" >&5
+echo "configure:1279: checking for alloca" >&5
if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1282 "configure"
+#line 1284 "configure"
#include "confdefs.h"
#ifdef __GNUC__
@@ -1306,7 +1308,7 @@ int main() {
char *p = (char *) alloca(1);
; return 0; }
EOF
-if { (eval echo configure:1310: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
ac_cv_func_alloca_works=yes
else
@@ -1338,12 +1340,12 @@ EOF
echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6
-echo "configure:1342: checking whether alloca needs Cray hooks" >&5
+echo "configure:1344: checking whether alloca needs Cray hooks" >&5
if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1347 "configure"
+#line 1349 "configure"
#include "confdefs.h"
#if defined(CRAY) && ! defined(CRAY2)
webecray
@@ -1368,12 +1370,12 @@ echo "$ac_t""$ac_cv_os_cray" 1>&6
if test $ac_cv_os_cray = yes; then
for ac_func in _getb67 GETB67 getb67; do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:1372: checking for $ac_func" >&5
+echo "configure:1374: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1377 "configure"
+#line 1379 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -1396,7 +1398,7 @@ $ac_func();
; return 0; }
EOF
-if { (eval echo configure:1400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1402: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -1423,7 +1425,7 @@ done
fi
echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6
-echo "configure:1427: checking stack direction for C alloca" >&5
+echo "configure:1429: checking stack direction for C alloca" >&5
if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -1431,7 +1433,7 @@ else
ac_cv_c_stack_direction=0
else
cat > conftest.$ac_ext <<EOF
-#line 1435 "configure"
+#line 1437 "configure"
#include "confdefs.h"
find_stack_direction ()
{
@@ -1450,7 +1452,7 @@ main ()
exit (find_stack_direction() < 0);
}
EOF
-if { (eval echo configure:1454: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1456: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
then
ac_cv_c_stack_direction=1
else
@@ -1474,17 +1476,17 @@ fi
ac_safe=`echo "strings.h" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for strings.h""... $ac_c" 1>&6
-echo "configure:1478: checking for strings.h" >&5
+echo "configure:1480: checking for strings.h" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1483 "configure"
+#line 1485 "configure"
#include "confdefs.h"
#include <strings.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1488: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1490: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1508,17 +1510,17 @@ fi
ac_safe=`echo "netinet/if_ether.h" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for netinet/if_ether.h""... $ac_c" 1>&6
-echo "configure:1512: checking for netinet/if_ether.h" >&5
+echo "configure:1514: checking for netinet/if_ether.h" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 1517 "configure"
+#line 1519 "configure"
#include "confdefs.h"
#include <netinet/if_ether.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:1524: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -1545,7 +1547,7 @@ fi
echo $ac_n "checking for a complete set of pcap headers""... $ac_c" 1>&6
-echo "configure:1549: checking for a complete set of pcap headers" >&5
+echo "configure:1551: checking for a complete set of pcap headers" >&5
possible_dirs="`eval echo -n ${includedir}` \
/usr/include /usr/include/pcap \
@@ -1592,7 +1594,7 @@ else
echo $ac_n "checking for usable bpf.h""... $ac_c" 1>&6
-echo "configure:1596: checking for usable bpf.h" >&5
+echo "configure:1598: checking for usable bpf.h" >&5
if test -n "`grep DLT_RAW $pcap_dir/net/bpf.h`" ; then
echo yep
else
@@ -1657,11 +1659,28 @@ fi
+
+# Check whether --with-nonroot-dropprivs or --without-nonroot-dropprivs was given.
+if test "${with_nonroot_dropprivs+set}" = set; then
+ withval="$with_nonroot_dropprivs"
+
+ DROP_ONLY_ROOT="1"
+
+else
+
+ DROP_ONLY_ROOT="0"
+
+
+fi
+
+
+
+
present=""
echo $ac_n "checking for DLT_LINUX_SLL in bpf.h""... $ac_c" 1>&6
-echo "configure:1663: checking for DLT_LINUX_SLL in bpf.h" >&5
+echo "configure:1682: checking for DLT_LINUX_SLL in bpf.h" >&5
cat > conftest.$ac_ext <<EOF
-#line 1665 "configure"
+#line 1684 "configure"
#include "confdefs.h"
#include <net/bpf.h>
@@ -1688,9 +1707,9 @@ EOF
present=""
echo $ac_n "checking for DLT_LOOP in bpf.h""... $ac_c" 1>&6
-echo "configure:1692: checking for DLT_LOOP in bpf.h" >&5
+echo "configure:1711: checking for DLT_LOOP in bpf.h" >&5
cat > conftest.$ac_ext <<EOF
-#line 1694 "configure"
+#line 1713 "configure"
#include "confdefs.h"
#include <net/bpf.h>
@@ -1717,9 +1736,9 @@ EOF
present=""
echo $ac_n "checking for DLT_IEEE802_11 in bpf.h""... $ac_c" 1>&6
-echo "configure:1721: checking for DLT_IEEE802_11 in bpf.h" >&5
+echo "configure:1740: checking for DLT_IEEE802_11 in bpf.h" >&5
cat > conftest.$ac_ext <<EOF
-#line 1723 "configure"
+#line 1742 "configure"
#include "confdefs.h"
#include <net/bpf.h>
@@ -1765,9 +1784,9 @@ EOF
echo $ac_n "checking for a dumb udphdr declaration""... $ac_c" 1>&6
-echo "configure:1769: checking for a dumb udphdr declaration" >&5
+echo "configure:1788: checking for a dumb udphdr declaration" >&5
cat > conftest.$ac_ext <<EOF
-#line 1771 "configure"
+#line 1790 "configure"
#include "confdefs.h"
#ifndef __FAVOR_BSD
#define __FAVOR_BSD
@@ -1787,7 +1806,7 @@ unsigned short bar = foo.uh_sport;
; return 0; }
EOF
-if { (eval echo configure:1791: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1810: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
echo nope
else
@@ -1818,7 +1837,7 @@ EOF
echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6
-echo "configure:1822: checking for socket in -lsocket" >&5
+echo "configure:1841: checking for socket in -lsocket" >&5
ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1826,7 +1845,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lsocket $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1830 "configure"
+#line 1849 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1837,7 +1856,7 @@ int main() {
socket()
; return 0; }
EOF
-if { (eval echo configure:1841: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1860: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1866,7 +1885,7 @@ echo no socket in -lsocket\?; exit
fi
echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
-echo "configure:1870: checking for gethostbyname in -lnsl" >&5
+echo "configure:1889: checking for gethostbyname in -lnsl" >&5
ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1874,7 +1893,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lnsl $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1878 "configure"
+#line 1897 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1885,7 +1904,7 @@ int main() {
gethostbyname()
; return 0; }
EOF
-if { (eval echo configure:1889: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1908: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -1969,7 +1988,7 @@ esac
echo $ac_n "checking for pcap_open_live in -lpcap""... $ac_c" 1>&6
-echo "configure:1973: checking for pcap_open_live in -lpcap" >&5
+echo "configure:1992: checking for pcap_open_live in -lpcap" >&5
ac_lib_var=`echo pcap'_'pcap_open_live | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -1977,7 +1996,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lpcap $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 1981 "configure"
+#line 2000 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -1988,7 +2007,7 @@ int main() {
pcap_open_live()
; return 0; }
EOF
-if { (eval echo configure:1992: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -2045,7 +2064,7 @@ fi
if test "$need_restart" = "yes" ; then
echo $ac_n "checking for pcap_restart in -lpcap""... $ac_c" 1>&6
-echo "configure:2049: checking for pcap_restart in -lpcap" >&5
+echo "configure:2068: checking for pcap_restart in -lpcap" >&5
ac_lib_var=`echo pcap'_'pcap_restart | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -2053,7 +2072,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lpcap $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 2057 "configure"
+#line 2076 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -2064,7 +2083,7 @@ int main() {
pcap_restart()
; return 0; }
EOF
-if { (eval echo configure:2068: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2087: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -2086,7 +2105,7 @@ EOF
else
echo "$ac_t""no" 1>&6
echo $ac_n "checking for pcap_yyrestart in -lpcap""... $ac_c" 1>&6
-echo "configure:2090: checking for pcap_yyrestart in -lpcap" >&5
+echo "configure:2109: checking for pcap_yyrestart in -lpcap" >&5
ac_lib_var=`echo pcap'_'pcap_yyrestart | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -2094,7 +2113,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lpcap $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 2098 "configure"
+#line 2117 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -2105,7 +2124,7 @@ int main() {
pcap_yyrestart()
; return 0; }
EOF
-if { (eval echo configure:2109: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2128: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -2127,7 +2146,7 @@ EOF
else
echo "$ac_t""no" 1>&6
echo $ac_n "checking for yyrestart in -lpcap""... $ac_c" 1>&6
-echo "configure:2131: checking for yyrestart in -lpcap" >&5
+echo "configure:2150: checking for yyrestart in -lpcap" >&5
ac_lib_var=`echo pcap'_'yyrestart | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -2135,7 +2154,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-lpcap $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 2139 "configure"
+#line 2158 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -2146,7 +2165,7 @@ int main() {
yyrestart()
; return 0; }
EOF
-if { (eval echo configure:2150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2169: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -2347,6 +2366,7 @@ s%@PCAP_LINK@%$PCAP_LINK%g
s%@REGEX_TARGET@%$REGEX_TARGET%g
s%@REGEX_OBJS@%$REGEX_OBJS%g
s%@SAFE_USER@%$SAFE_USER%g
+s%@DROP_ONLY_ROOT@%$DROP_ONLY_ROOT%g
s%@EXTRA_LIBS@%$EXTRA_LIBS%g
s%@STRIPFLAG@%$STRIPFLAG%g
diff --git a/configure.in b/configure.in
@@ -33,7 +33,7 @@ possible_dirs="`eval echo -n ${includedir}` \
/usr/share/include /usr/share/include/pcap"
AC_ARG_WITH(pcap-includes,
-[ --with-pcap-includes specify the pcap include directory],
+[ --with-pcap-includes specify the pcap include directory],
[PCAP_DIR=$withval],
[PCAP_DIR=$possible_dirs])
@@ -92,7 +92,7 @@ dnl
dnl pcre library compatibility stuff
dnl
AC_ARG_WITH(pcre,
-[ --with-pcre use PCRE instead of GNU regex],
+[ --with-pcre use PCRE instead of GNU regex],
[
( cd pcre-3.4; ./configure && make libtool chartables.c )
AC_DEFINE(USE_PCRE)
@@ -113,7 +113,7 @@ dnl
dnl Allow user to specify alternate ``nobody'' user.
dnl
AC_ARG_WITH(safe-user,
-[ --with-safe-user use user instead of "nobody" for dropprivs],
+[ --with-safe-user use user instead of "nobody" for dropprivs],
[
SAFE_USER="$withval"
],
@@ -123,6 +123,23 @@ AC_ARG_WITH(safe-user,
)
AC_SUBST(SAFE_USER)
+
+dnl
+dnl Some people have complained that they don't care to drop
+dnl privileges if they're not root, hence this flag.
+dnl
+
+AC_ARG_WITH(nonroot-dropprivs,
+[ --with-nonroot-dropprivs drop privs even if not root],
+[
+ DROP_ONLY_ROOT="1"
+],
+[
+ DROP_ONLY_ROOT="0"
+]
+)
+AC_SUBST(DROP_ONLY_ROOT)
+
dnl
dnl Check for DLT_* types that might not have existed in older
dnl libpcap's
@@ -266,7 +283,7 @@ dnl now, just let the user the flag itself, until I come up with a
dnl working methodology.
dnl
AC_ARG_WITH(restart,
-[ --with-restart use libpcap restart func],
+[ --with-restart use libpcap restart func],
[
if test "$withval" = "yes"; then
AC_DEFINE(NEED_RESTART)
diff --git a/ngrep.c b/ngrep.c
@@ -198,6 +198,7 @@ int main(int argc, char **argv) {
match_data = argv[optind++];
if (read_file) {
+
if (!(pd = pcap_open_offline(read_file, pc_err))) {
perror(pc_err);
clean_exit(-1);
@@ -208,8 +209,8 @@ int main(int argc, char **argv) {
live_read = 0;
printf("input: %s\n", read_file);
-
} else {
+
if (!dev)
if (!(dev = pcap_lookupdev(pc_err))) {
perror(pc_err);
@@ -845,15 +846,24 @@ void update_windowsize(int e) {
void drop_privs(void) {
- struct passwd *pw = getpwnam(SAFE_USER);
+#if DROP_ONLY_ROOT
+ if (getuid() != 0 && geteuid() != 0 &&
+ getgid() != 0 && getegid() != 0)
+ return;
+#endif
- if (setregid(pw->pw_gid, pw->pw_gid) == -1 ||
- setreuid(pw->pw_uid, pw->pw_uid) == -1) {
- perror("attempt to drop privileges failed");
- clean_exit(-1);
+ {
+ struct passwd *pw = getpwnam(SAFE_USER);
+
+ if (setregid(pw->pw_gid, pw->pw_gid) == -1 ||
+ setreuid(pw->pw_uid, pw->pw_uid) == -1) {
+ perror("attempt to drop privileges failed");
+ clean_exit(-1);
+ }
}
}
+
void usage(int e) {
printf("usage: ngrep <-hXViwqpevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num>\n"
" <-s snaplen> <-S limitlen> <match expression>\n"