ongrep

A cleaned up fork of ngrep for OpenBSD

commit f11487f150123b67f2b33782df640160e57f58b4
parent 14e9867e75f77ac0959763beb03576e8b4c3742e
Author: Jordan Ritter <jpr5@darkridge.com>
Date:   Tue, 21 Jan 2003 22:47:31 +0000

documentation changes, a few cosmetic changes, added --safe-user compile
time option, and code to drop privs; not guaranteed to be portable yet
because I can't find access to the old boxes I used to port it in the
first place. Version bump, getting ready to produce a maintenance release.

Diffstat:
MCHANGES | 2++
MMakefile.in | 2+-
MREADME | 2+-
Mconfigure | 187+++++++++++++++++++++++++++++++++++++++++++------------------------------------
Mconfigure.in | 17++++++++++++++++-
Mngrep.c | 20++++++++++++++++++++
Mngrep.h | 3++-
7 files changed, 145 insertions(+), 88 deletions(-)

diff --git a/CHANGES b/CHANGES @@ -1,5 +1,7 @@ cvs-current o added -S (set limitlen) + o added LOOP and SLL tests for portability/old libpcap'en + o added configure --safe-user and dropprivs code v1.40.1 o MacOS X support diff --git a/Makefile.in b/Makefile.in @@ -9,7 +9,7 @@ CC=@CC@ INCLUDES=-I@srcdir@ @PCAP_INCLUDE@ -CFLAGS=@CFLAGS@ @DEFS@ +CFLAGS=@CFLAGS@ @DEFS@ -DSAFE_USER='"@SAFE_USER@"' LDFLAGS=@LDFLAGS@ @PCAP_LINK@ LIBS=-lpcap @EXTRA_LIBS@ STRIPFLAG=@STRIPFLAG@ diff --git a/README b/README @@ -1,7 +1,7 @@ Program: ngrep Author: Jordan Ritter <jpr5@darkridge.com> -Version: 1.40.1-cvs (6.14.2002) +Version: 1.41-cvs (1.21.2003) Goal: diff --git a/configure b/configure @@ -14,7 +14,9 @@ ac_default_prefix=/usr/local ac_help="$ac_help --with-pcap-includes specify the pcap include directory" ac_help="$ac_help - --with-pcre use libnet build directory" + --with-pcre use PCRE instead of GNU regex" +ac_help="$ac_help + --with-safe-user use user instead of "nobody" for dropprivs" ac_help="$ac_help --with-restart use libpcap restart func" @@ -575,7 +577,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:579: checking host system type" >&5 +echo "configure:581: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -596,7 +598,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$host" 1>&6 echo $ac_n "checking target system type""... $ac_c" 1>&6 -echo "configure:600: checking target system type" >&5 +echo "configure:602: checking target system type" >&5 target_alias=$target case "$target_alias" in @@ -614,7 +616,7 @@ target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$target" 1>&6 echo $ac_n "checking build system type""... $ac_c" 1>&6 -echo "configure:618: checking build system type" >&5 +echo "configure:620: checking build system type" >&5 build_alias=$build case "$build_alias" in 
@@ -640,7 +642,7 @@ test "$host_alias" != "$target_alias" && # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:644: checking for $ac_word" >&5 +echo "configure:646: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -670,7 +672,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:674: checking for $ac_word" >&5 +echo "configure:676: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -721,7 +723,7 @@ fi # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:725: checking for $ac_word" >&5 +echo "configure:727: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -753,7 +755,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:757: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:759: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. 
@@ -764,12 +766,12 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext << EOF -#line 768 "configure" +#line 770 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:775: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -795,12 +797,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:799: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:801: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:804: checking whether we are using GNU C" >&5 +echo "configure:806: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -809,7 +811,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:813: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:815: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no 
@@ -828,7 +830,7 @@ ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:832: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:834: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -864,7 +866,7 @@ echo $ac_n "checking for prefix by $ac_c" 1>&6 # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:868: checking for $ac_word" >&5 +echo "configure:870: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_GCC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -903,7 +905,7 @@ fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:907: checking how to run the C preprocessor" >&5 +echo "configure:909: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -918,13 +920,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext <<EOF -#line 922 "configure" +#line 924 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:928: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:930: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : 
@@ -935,13 +937,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext <<EOF -#line 939 "configure" +#line 941 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:945: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:947: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -952,13 +954,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext <<EOF -#line 956 "configure" +#line 958 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:962: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:964: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -983,12 +985,12 @@ fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:987: checking for ANSI C header files" >&5 +echo "configure:989: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 992 "configure" +#line 994 "configure" #include "confdefs.h" #include <stdlib.h> #include <stdarg.h> @@ -996,7 +998,7 @@ else #include <float.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1000: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1002: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* 
@@ -1013,7 +1015,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 1017 "configure" +#line 1019 "configure" #include "confdefs.h" #include <string.h> EOF @@ -1031,7 +1033,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 1035 "configure" +#line 1037 "configure" #include "confdefs.h" #include <stdlib.h> EOF @@ -1052,7 +1054,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext <<EOF -#line 1056 "configure" +#line 1058 "configure" #include "confdefs.h" #include <ctype.h> #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1063,7 +1065,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:1067: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else @@ -1087,12 +1089,12 @@ EOF fi echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:1091: checking for working const" >&5 +echo "configure:1093: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1096 "configure" +#line 1098 "configure" #include "confdefs.h" int main() { @@ -1141,7 +1143,7 @@ ccp = (char const *const *) p; ; return 0; } EOF -if { (eval echo configure:1145: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1147: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else 
@@ -1162,12 +1164,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:1166: checking for size_t" >&5 +echo "configure:1168: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1171 "configure" +#line 1173 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS @@ -1195,12 +1197,12 @@ EOF fi echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:1199: checking return type of signal handlers" >&5 +echo "configure:1201: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1204 "configure" +#line 1206 "configure" #include "confdefs.h" #include <sys/types.h> #include <signal.h> @@ -1217,7 +1219,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:1221: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1223: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else 
@@ -1238,19 +1240,19 @@ EOF # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:1242: checking for working alloca.h" >&5 +echo "configure:1244: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1247 "configure" +#line 1249 "configure" #include "confdefs.h" #include <alloca.h> int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:1254: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1256: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -1271,12 +1273,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:1275: checking for alloca" >&5 +echo "configure:1277: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1280 "configure" +#line 1282 "configure" #include "confdefs.h" #ifdef __GNUC__ @@ -1304,7 +1306,7 @@ int main() { char *p = (char *) alloca(1); ; return 0; } EOF -if { (eval echo configure:1308: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1310: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else 
@@ -1336,12 +1338,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:1340: checking whether alloca needs Cray hooks" >&5 +echo "configure:1342: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1345 "configure" +#line 1347 "configure" #include "confdefs.h" #if defined(CRAY) && ! defined(CRAY2) webecray @@ -1366,12 +1368,12 @@ echo "$ac_t""$ac_cv_os_cray" 1>&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1370: checking for $ac_func" >&5 +echo "configure:1372: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1375 "configure" +#line 1377 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -1394,7 +1396,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:1398: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -1421,7 +1423,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:1425: checking stack direction for C alloca" >&5 +echo "configure:1427: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1429,7 +1431,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <<EOF -#line 1433 "configure" +#line 1435 "configure" #include "confdefs.h" find_stack_direction () { 
@@ -1448,7 +1450,7 @@ main () exit (find_stack_direction() < 0); } EOF -if { (eval echo configure:1452: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1454: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -1472,17 +1474,17 @@ fi ac_safe=`echo "strings.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for strings.h""... $ac_c" 1>&6 -echo "configure:1476: checking for strings.h" >&5 +echo "configure:1478: checking for strings.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1481 "configure" +#line 1483 "configure" #include "confdefs.h" #include <strings.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1486: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1488: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* 
@@ -1506,17 +1508,17 @@ fi ac_safe=`echo "netinet/if_ether.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for netinet/if_ether.h""... $ac_c" 1>&6 -echo "configure:1510: checking for netinet/if_ether.h" >&5 +echo "configure:1512: checking for netinet/if_ether.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1515 "configure" +#line 1517 "configure" #include "confdefs.h" #include <netinet/if_ether.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1520: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1543,7 +1545,7 @@ fi echo $ac_n "checking for a complete set of pcap headers""... $ac_c" 1>&6 -echo "configure:1547: checking for a complete set of pcap headers" >&5 +echo "configure:1549: checking for a complete set of pcap headers" >&5 possible_dirs="`eval echo -n ${includedir}` \ /usr/include /usr/include/pcap \ @@ -1590,7 +1592,7 @@ else echo $ac_n "checking for usable bpf.h""... $ac_c" 1>&6 -echo "configure:1594: checking for usable bpf.h" >&5 +echo "configure:1596: checking for usable bpf.h" >&5 if test -n "`grep DLT_RAW $pcap_dir/net/bpf.h`" ; then echo yep else @@ -1639,10 +1641,26 @@ fi +# Check whether --with-safe-user or --without-safe-user was given. +if test "${with_safe_user+set}" = set; then + withval="$with_safe_user" + + SAFE_USER="$withval" + +else + + SAFE_USER="nobody" + + +fi + + + + echo $ac_n "checking for DLT_LINUX_SLL in bpf.h""... $ac_c" 1>&6 -echo "configure:1644: checking for DLT_LINUX_SLL in bpf.h" >&5 +echo "configure:1662: checking for DLT_LINUX_SLL in bpf.h" >&5 cat > conftest.$ac_ext <<EOF -#line 1646 "configure" +#line 1664 "configure" #include "confdefs.h" #include < #include <net/bpf.h> 
@@ -1667,9 +1685,9 @@ rm -f conftest* echo $ac_n "checking for DLT_LOOP in bpf.h""... $ac_c" 1>&6 -echo "configure:1671: checking for DLT_LOOP in bpf.h" >&5 +echo "configure:1689: checking for DLT_LOOP in bpf.h" >&5 cat > conftest.$ac_ext <<EOF -#line 1673 "configure" +#line 1691 "configure" #include "confdefs.h" #include < #include <net/bpf.h> @@ -1714,9 +1732,9 @@ EOF echo $ac_n "checking for a dumb udphdr declaration""... $ac_c" 1>&6 -echo "configure:1718: checking for a dumb udphdr declaration" >&5 +echo "configure:1736: checking for a dumb udphdr declaration" >&5 cat > conftest.$ac_ext <<EOF -#line 1720 "configure" +#line 1738 "configure" #include "confdefs.h" int main() { @@ -1735,7 +1753,7 @@ unsigned short bar = foo.uh_sport; ; return 0; } EOF -if { (eval echo configure:1739: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1757: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo nope else @@ -1766,7 +1784,7 @@ EOF echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:1770: checking for socket in -lsocket" >&5 +echo "configure:1788: checking for socket in -lsocket" >&5 ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1774,7 +1792,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <<EOF -#line 1778 "configure" +#line 1796 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -1785,7 +1803,7 @@ int main() { socket() ; return 0; } EOF -if { (eval echo configure:1789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1814,7 +1832,7 @@ echo no socket in -lsocket\?; exit fi echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 -echo "configure:1818: checking for gethostbyname in -lnsl" >&5 +echo "configure:1836: checking for gethostbyname in -lnsl" >&5 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1822,7 +1840,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <<EOF -#line 1826 "configure" +#line 1844 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -1833,7 +1851,7 @@ int main() { gethostbyname() ; return 0; } EOF -if { (eval echo configure:1837: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1855: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1917,7 +1935,7 @@ esac echo $ac_n "checking for pcap_open_live in -lpcap""... $ac_c" 1>&6 -echo "configure:1921: checking for pcap_open_live in -lpcap" >&5 +echo "configure:1939: checking for pcap_open_live in -lpcap" >&5 ac_lib_var=`echo pcap'_'pcap_open_live | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1925,7 +1943,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpcap $LIBS" cat > conftest.$ac_ext <<EOF -#line 1929 "configure" +#line 1947 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 
@@ -1936,7 +1954,7 @@ int main() { pcap_open_live() ; return 0; } EOF -if { (eval echo configure:1940: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1993,7 +2011,7 @@ fi if test "$need_restart" = "yes" ; then echo $ac_n "checking for pcap_restart in -lpcap""... $ac_c" 1>&6 -echo "configure:1997: checking for pcap_restart in -lpcap" >&5 +echo "configure:2015: checking for pcap_restart in -lpcap" >&5 ac_lib_var=`echo pcap'_'pcap_restart | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2001,7 +2019,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpcap $LIBS" cat > conftest.$ac_ext <<EOF -#line 2005 "configure" +#line 2023 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2012,7 +2030,7 @@ int main() { pcap_restart() ; return 0; } EOF -if { (eval echo configure:2016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2034: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2034,7 +2052,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for pcap_yyrestart in -lpcap""... $ac_c" 1>&6 -echo "configure:2038: checking for pcap_yyrestart in -lpcap" >&5 +echo "configure:2056: checking for pcap_yyrestart in -lpcap" >&5 ac_lib_var=`echo pcap'_'pcap_yyrestart | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -2042,7 +2060,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpcap $LIBS" cat > conftest.$ac_ext <<EOF -#line 2046 "configure" +#line 2064 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2053,7 +2071,7 @@ int main() { pcap_yyrestart() ; return 0; } EOF -if { (eval echo configure:2057: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2075: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2075,7 +2093,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for yyrestart in -lpcap""... $ac_c" 1>&6 -echo "configure:2079: checking for yyrestart in -lpcap" >&5 +echo "configure:2097: checking for yyrestart in -lpcap" >&5 ac_lib_var=`echo pcap'_'yyrestart | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2083,7 +2101,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpcap $LIBS" cat > conftest.$ac_ext <<EOF -#line 2087 "configure" +#line 2105 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2094,7 +2112,7 @@ int main() { yyrestart() ; return 0; } EOF -if { (eval echo configure:2098: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2116: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2294,6 +2312,7 @@ s%@PCAP_INCLUDE@%$PCAP_INCLUDE%g s%@PCAP_LINK@%$PCAP_LINK%g s%@REGEX_TARGET@%$REGEX_TARGET%g s%@REGEX_OBJS@%$REGEX_OBJS%g +s%@SAFE_USER@%$SAFE_USER%g s%@EXTRA_LIBS@%$EXTRA_LIBS%g s%@STRIPFLAG@%$STRIPFLAG%g diff --git a/configure.in b/configure.in 
@@ -92,7 +92,7 @@ dnl dnl pcre library compatibility stuff dnl AC_ARG_WITH(pcre, -[ --with-pcre use libnet build directory], +[ --with-pcre use PCRE instead of GNU regex], [ ( cd pcre-3.4; ./configure && make libtool chartables.c ) AC_DEFINE(USE_PCRE) @@ -110,6 +110,21 @@ AC_SUBST(REGEX_OBJS) dnl +dnl Allow user to specify alternate ``nobody'' user. +dnl +AC_ARG_WITH(safe-user, +[ --with-safe-user use user instead of "nobody" for dropprivs], +[ + SAFE_USER="$withval" +], +[ + SAFE_USER="nobody" +] +) +AC_SUBST(SAFE_USER) + + +dnl dnl Check for DLT_* types that might not have existed in older dnl libpcap's dnl diff --git a/ngrep.c b/ngrep.c @@ -16,6 +16,7 @@ #include <netinet/in_systm.h> #include <net/if.h> #include <sys/tty.h> +#include <pwd.h> #endif #if defined(OSF1) @@ -25,6 +26,7 @@ #include <netinet/in_systm.h> #include <net/route.h> #include <sys/mbuf.h> +// need to find getpwnam, set*d() #endif #if defined(LINUX) @@ -32,6 +34,8 @@ #include <arpa/inet.h> #include <ctype.h> #include <time.h> +#include <unistd.h> +#include <pwd.h> #endif #if defined(AIX) @@ -39,6 +43,7 @@ #include <sys/types.h> #include <netinet/in.h> #include <time.h> +// need to find getpwnam, set*d() #endif #include <netinet/ip.h> @@ -195,9 +200,12 @@ int main(int argc, char **argv) { clean_exit(-1); } + drop_privs(); + live_read = 0; printf("input: %s\n", read_file); + } else { if (!dev) if (!(dev = pcap_lookupdev(pc_err))) { @@ -210,6 +218,8 @@ int main(int argc, char **argv) { clean_exit(-1); } + drop_privs(); + if (pcap_lookupnet(dev, &net.s_addr, &mask.s_addr, pc_err) == -1) { perror(pc_err); memset(&net, 0, sizeof(net)); 
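Review bot: The new AC_ARG_WITH(safe-user, ...) block in configure.in copies `$withval` into SAFE_USER unchecked, so `--with-safe-user` given without a value yields `yes` and `--without-safe-user` yields `no`. The binary would then look up an account literally named `yes` or `no`. Reject both in the action, for example `case "$withval" in yes|no) AC_MSG_ERROR([--with-safe-user requires a user name]);; esac`, and write the help string as `--with-safe-user=USER`. The value is also pasted unescaped into `-DSAFE_USER='"@SAFE_USER@"'` in Makefile.in, so a name containing a quote character would break the compile line.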
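Review bot: The OSF1 and AIX include blocks (hunks at -25,6 and -39,6 of ngrep.c) gain only the comment `// need to find getpwnam, set*d()`, yet drop_privs() is added unconditionally later in the file, so on those targets getpwnam() and the set*id() calls are used without a declaration. An implicitly declared getpwnam() is taken to return int, which can truncate the returned pointer on 64-bit platforms. Either add `#include <pwd.h>` and `#include <unistd.h>` to those blocks once they are confirmed to exist there, or compile the body of drop_privs() only where the headers were found. The first hunk (-16,6) adds `<pwd.h>` alone; whether `<unistd.h>` is already included in that block is not visible here.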
@@ -823,6 +833,16 @@ void update_windowsize(int e) { } +void drop_privs(void) { + struct passwd *pw = getpwnam(SAFE_USER); + + seteuid(pw->pw_uid); + setegid(pw->pw_gid); + + setuid(pw->pw_uid); + setgid(pw->pw_gid); +} + void usage(int e) { printf("usage: ngrep <-hXViwqpevxlDtT> <-IO pcap_dump> <-n num> <-d dev> <-A num>\n" " <-s snaplen> <match expression> <bpf filter>\n"); diff --git a/ngrep.h b/ngrep.h @@ -7,7 +7,7 @@ * */ -#define VERSION "1.40.1" +#define VERSION "1.41" #define ETHHDR_SIZE 14 @@ -48,3 +48,4 @@ void dump_delay_proc_init(struct pcap_pkthdr *); void dump_delay_proc(struct pcap_pkthdr *); void update_windowsize(int); +void drop_privs(void);
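Review bot: drop_privs() dereferences the result of getpwnam(SAFE_USER) without a NULL check and ignores the return value of every set*id() call, so a missing account crashes the program and a failed drop goes unnoticed while capture continues with full privileges. The order is also a problem: once `seteuid()` has given up the effective root id, the following `setegid()`, `setuid()` and `setgid()` calls run without privilege and can fail or leave the real and saved ids at 0, depending on the platform, which would let the process switch back. The supplementary group list is never reset either. The version below changes groups before the uid, uses the calls that change all three ids, and stops on any failure; it skips the drop when not running as root so that reading a dump file as an ordinary user keeps working, and it needs `<grp.h>` for initgroups().

```c
void drop_privs(void) {
    struct passwd *pw;

    /* nothing to give up when started without root, e.g. reading a dump file */
    if (geteuid() != 0)
        return;

    pw = getpwnam(SAFE_USER);
    if (!pw) {
        fprintf(stderr, "fatal: unknown user %s\n", SAFE_USER);
        clean_exit(-1);
    }

    /* groups first: they cannot be changed any more once the uid is gone */
    if (initgroups(pw->pw_name, pw->pw_gid) == -1 ||
        setgid(pw->pw_gid) == -1 ||
        setuid(pw->pw_uid) == -1) {
        perror("fatal: could not drop privileges");
        clean_exit(-1);
    }
}
```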