Date: Wed, 1 May 2019 06:59:04 +0000 (UTC) From: Mariusz Zaborski <oshogbo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r346985 - stable/11/contrib/tcpdump Message-ID: <201905010659.x416x4wg003861@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: oshogbo Date: Wed May 1 06:59:04 2019 New Revision: 346985 URL: https://svnweb.freebsd.org/changeset/base/346985 Log: MFC r346263: tcpdump: disable Capsicum if -E option is provided. The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after: 2 weeks Modified: stable/11/contrib/tcpdump/tcpdump.c Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/tcpdump/tcpdump.c ============================================================================== --- stable/11/contrib/tcpdump/tcpdump.c Wed May 1 05:42:13 2019 (r346984) +++ stable/11/contrib/tcpdump/tcpdump.c Wed May 1 06:59:04 2019 (r346985) @@ -2063,7 +2063,8 @@ main(int argc, char **argv) } #ifdef HAVE_CAPSICUM - cansandbox = (VFileName == NULL && zflag == NULL); + cansandbox = (VFileName == NULL && zflag == NULL && + ndo->ndo_espsecret == NULL); #ifdef HAVE_CASPER cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); #else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905010659.x416x4wg003861>