Source-Changes-HG archive


[src/trunk]: src Make tcpdump(8) to drop root privileges and chroot(2) by def...



details:   https://anonhg.NetBSD.org/src/rev/79a4ad64a75a
branches:  trunk
changeset: 759821:79a4ad64a75a
user:      jruoho <jruoho%NetBSD.org@localhost>
date:      Fri Dec 17 09:54:27 2010 +0000

description:
Make tcpdump(8) drop root privileges and chroot(2) by default.

diffstat:

 UPDATING                               |   7 ++++++-
 distrib/sets/lists/base/mi             |   3 ++-
 etc/group                              |   1 +
 etc/master.passwd                      |   1 +
 etc/mtree/NetBSD.dist.base             |   3 ++-
 etc/mtree/special                      |   3 ++-
 external/bsd/tcpdump/bin/Makefile      |   5 ++++-
 external/bsd/tcpdump/dist/tcpdump.1.in |  17 ++++++++++-------
 usr.sbin/tcpdump/Makefile              |   5 ++++-
 9 files changed, 32 insertions(+), 13 deletions(-)

diffs (164 lines):

diff -r 7ceaf5ca5f3c -r 79a4ad64a75a UPDATING
--- a/UPDATING  Fri Dec 17 08:50:26 2010 +0000
+++ b/UPDATING  Fri Dec 17 09:54:27 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: UPDATING,v 1.216 2010/11/25 22:08:49 christos Exp $
+$NetBSD: UPDATING,v 1.217 2010/12/17 09:54:27 jruoho Exp $
 
 This file (UPDATING) is intended to be a brief reference to recent
 changes that might cause problems in the build process, and a guide for
@@ -15,6 +15,11 @@
 
 Recent changes:
 ^^^^^^^^^^^^^^^
+20101217:
+       The tcpdump(8) program was changed to drop privileges and chroot(2)
+       by default. It may be necessary to manually update passwd(5) and
+       group(5) in order to make the program work with existing setups.
+
 20101125:
        The latest changes to setenv(3) dissallow setting environment
        variables with names that contain '='. Revision 1.18 of env.c
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a distrib/sets/lists/base/mi
--- a/distrib/sets/lists/base/mi        Fri Dec 17 08:50:26 2010 +0000
+++ b/distrib/sets/lists/base/mi        Fri Dec 17 09:54:27 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.907 2010/12/15 18:39:27 pooka Exp $
+# $NetBSD: mi,v 1.908 2010/12/17 09:54:27 jruoho Exp $
 #
 # Note:        Don't delete entries from here - mark them as "obsolete" instead,
 #      unless otherwise stated below.
@@ -4806,6 +4806,7 @@
 ./var/chroot/pfspamd                           base-obsolete           obsolete
 ./var/chroot/spamd                             base-obsolete           obsolete
 ./var/chroot/sshd                              base-sys-root
+./var/chroot/tcpdump                           base-sys-root
 ./var/chroot/tftp-proxy                                base-sys-root
 ./var/crash                                    base-sys-root
 ./var/cron                                     base-cron-root
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a etc/group
--- a/etc/group Fri Dec 17 08:50:26 2010 +0000
+++ b/etc/group Fri Dec 17 09:54:27 2010 +0000
@@ -22,6 +22,7 @@
 _httpd:*:24:
 _mdnsd:*:25:
 _atf:*:26:
+_tcpdump:*:27:
 guest:*:31:root
 nobody:*:39:
 utmp:*:45:
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a etc/master.passwd
--- a/etc/master.passwd Fri Dec 17 08:50:26 2010 +0000
+++ b/etc/master.passwd Fri Dec 17 09:54:27 2010 +0000
@@ -16,5 +16,6 @@
 _httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin
 _mdnsd:*:25:25::0:0:& pseudo-user:/nonexistent:/sbin/nologin
 _atf:*:26:26::0:0:& pseudo-user:/nonexistent:/sbin/nologin
+_tcpdump:*:27:27::0:0:& pseudo-user:/var/chroot/tcpdump:/sbin/nologin
 uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
 nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a etc/mtree/NetBSD.dist.base
--- a/etc/mtree/NetBSD.dist.base        Fri Dec 17 08:50:26 2010 +0000
+++ b/etc/mtree/NetBSD.dist.base        Fri Dec 17 09:54:27 2010 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: NetBSD.dist.base,v 1.67 2010/12/08 23:56:02 njoly Exp $
+#      $NetBSD: NetBSD.dist.base,v 1.68 2010/12/17 09:54:28 jruoho Exp $
 #      @(#)4.4BSD.dist 8.1 (Berkeley) 6/13/93
 
 # Do not customize this file as it may be overwritten on upgrades.
@@ -1080,6 +1080,7 @@
 ./var/chroot/ntpd/var/run      mode=0775 gname=ntpd
 ./var/chroot/pflogd            mode=0755
 ./var/chroot/sshd              mode=0755
+./var/chroot/tcpdump           mode=0755
 ./var/chroot/tftp-proxy                mode=0755
 ./var/crash                    mode=0770
 ./var/cron
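Review bot: The new `./var/chroot/tcpdump` entry sets only `mode=0755`, so its owner and group come from a `/set` default that lies outside this hunk; because this directory becomes the root of a process running as `_tcpdump`, that default needs to be root so the confined user cannot write into its own root directory. A comment above the entry, e.g. `# tcpdump(8) chroot: root-owned, not writable by _tcpdump`, would record the requirement. The same applies to the matching line added to etc/mtree/special. One likely side effect to check: any file tcpdump opens after the chroot would resolve inside this directory and could not be created there by `_tcpdump`; whether savefiles are opened before or after the privilege drop is not visible in this diff.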
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a etc/mtree/special
--- a/etc/mtree/special Fri Dec 17 08:50:26 2010 +0000
+++ b/etc/mtree/special Fri Dec 17 09:54:27 2010 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: special,v 1.133 2010/08/24 13:18:04 christos Exp $
+#      $NetBSD: special,v 1.134 2010/12/17 09:54:28 jruoho Exp $
 #      @(#)special     8.2 (Berkeley) 1/23/94
 #
 # This file may be overwritten on upgrades.
@@ -393,6 +393,7 @@
 ./var/chroot/ntpd/var/run      type=dir  mode=0775 gname=ntpd
 ./var/chroot/pflogd            type=dir  mode=0755
 ./var/chroot/sshd              type=dir  mode=0755
+./var/chroot/tcpdump           type=dir  mode=0755
 ./var/chroot/tftp-proxy                type=dir  mode=0755
 ./var/cron                     type=dir  mode=0755
 ./var/cron/tabs                        type=dir  mode=0700
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a external/bsd/tcpdump/bin/Makefile
--- a/external/bsd/tcpdump/bin/Makefile Fri Dec 17 08:50:26 2010 +0000
+++ b/external/bsd/tcpdump/bin/Makefile Fri Dec 17 09:54:27 2010 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.3 2010/12/05 05:52:46 christos Exp $      
+#      $NetBSD: Makefile,v 1.4 2010/12/17 09:54:28 jruoho Exp $        
 
 WARNS?=        1       # XXX: need to cleanup later
 
@@ -64,6 +64,9 @@
 
 CPPFLAGS+=-DHAVE_CONFIG_H -D_U_="__attribute__((__unused__))"
 
+CPPFLAGS+=-DWITH_USER=\"_tcpdump\"
+CPPFLAGS+=-DWITH_CHROOT=\"/var/chroot/tcpdump\"
+
 .if (${USE_INET6} != "no")
 SRCS+= print-ip6.c print-ip6opts.c print-ripng.c print-icmp6.c print-frag6.c \
        print-rt6.c print-ospf6.c print-dhcp6.c
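Review bot: `WITH_USER` and `WITH_CHROOT` hard-code the account name and path that etc/master.passwd, etc/group and the two mtree files in this changeset also define, and nothing in the Makefile ties them together; a comment above the two lines, e.g. `# Must match the _tcpdump entry in etc/master.passwd and ./var/chroot/tcpdump in etc/mtree`, would help. The identical pair is added to usr.sbin/tcpdump/Makefile. UPDATING says upgraded systems may lack the account until passwd(5) and group(5) are updated by hand, so it should be confirmed that tcpdump exits with an error rather than continuing as root when the user lookup or the chroot(2) call fails; that code is not part of this diff.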
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a external/bsd/tcpdump/dist/tcpdump.1.in
--- a/external/bsd/tcpdump/dist/tcpdump.1.in    Fri Dec 17 08:50:26 2010 +0000
+++ b/external/bsd/tcpdump/dist/tcpdump.1.in    Fri Dec 17 09:54:27 2010 +0000
@@ -1,6 +1,6 @@
 .\" @(#) Header: /tcpdump/master/tcpdump/tcpdump.1.in,v 1.2 2008-11-09 23:35:03 mcr Exp (LBL)
 .\"
-.\"    $NetBSD: tcpdump.1.in,v 1.2 2010/12/05 05:11:31 christos Exp $
+.\"    $NetBSD: tcpdump.1.in,v 1.3 2010/12/17 09:54:28 jruoho Exp $
 .\"
 .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
 .\"    The Regents of the University of California.  All rights reserved.
@@ -620,12 +620,15 @@
 and execute the command that you want.
 .TP
 .B \-Z
-Drops privileges (if root) and changes user ID to
-.I user
-and the group ID to the primary group of
-.IR user .
-.IP
-This behavior can also be enabled by default at compile time.
+By default,
+.I tcpdump
+operates in NetBSD under the privileges of the user ``_tcpdump''.
+Before the user ID and the corresponding primary group ID are changed,
+.I tcpdump
+will change the root directory to \fI/var/chroot/tcpdump\fP.
+By using the option
+.B \-Z
+the real and effective user and group IDs can be changed to ``user'' instead.
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.
diff -r 7ceaf5ca5f3c -r 79a4ad64a75a usr.sbin/tcpdump/Makefile
--- a/usr.sbin/tcpdump/Makefile Fri Dec 17 08:50:26 2010 +0000
+++ b/usr.sbin/tcpdump/Makefile Fri Dec 17 09:54:27 2010 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.50 2009/09/14 10:36:51 degroote Exp $     
+#      $NetBSD: Makefile,v 1.51 2010/12/17 09:54:28 jruoho Exp $       
 
 WARNS?=        1       # XXX: out of date third-party program 
 
@@ -77,6 +77,9 @@
 CPPFLAGS+=-DTCPDUMP_DO_SMB=1
 CPPFLAGS+=-D_U_="__attribute__((unused))"
 
+CPPFLAGS+=-DWITH_USER=\"_tcpdump\"
+CPPFLAGS+=-DWITH_CHROOT=\"/var/chroot/tcpdump\"
+
 .if (${USE_INET6} != "no")
 SRCS+= print-ip6.c print-ip6opts.c print-ripng.c print-icmp6.c print-frag6.c \
        print-rt6.c print-ospf6.c print-dhcp6.c


