Date: Tue, 16 Apr 2019 09:19:15 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Mariusz Zaborski <oshogbo@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r346263 - head/contrib/tcpdump Message-ID: <20190416131915.2ocot4nonnf3sl4a@mutt-hbsd> In-Reply-To: <201904160412.x3G4CgN2015092@repo.freebsd.org> References: <201904160412.x3G4CgN2015092@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Tue, Apr 16, 2019 at 04:12:42AM +0000, Mariusz Zaborski wrote: > Author: oshogbo > Date: Tue Apr 16 04:12:41 2019 > New Revision: 346263 > URL: https://svnweb.freebsd.org/changeset/base/346263 > > Log: > tcpdump: disable Capsicum if -E option is provided. > > The -E is used to provide a secret for decrypting IPsec. > The secret may be provided through command line or as the file. > The problem is that tcpdump doesn't support yet opening files in capability mode > and the file may contain a list of the files to open. > > As a workaround, for now, let's just disable capsicum if the -E > the option is provided. > > PR: 236819 > MFC after: 2 weeks > > Modified: > head/contrib/tcpdump/tcpdump.c > > Modified: head/contrib/tcpdump/tcpdump.c > ============================================================================== > --- head/contrib/tcpdump/tcpdump.c Tue Apr 16 02:48:04 2019 (r346262) > +++ head/contrib/tcpdump/tcpdump.c Tue Apr 16 04:12:41 2019 (r346263) > @@ -2063,7 +2063,8 @@ main(int argc, char **argv) > } > > #ifdef HAVE_CAPSICUM > - cansandbox = (VFileName == NULL && zflag == NULL); > + cansandbox = (VFileName == NULL && zflag == NULL && > + ndo->ndo_espsecret == NULL); > #ifdef HAVE_CASPER > cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); > #else Is there any documentation anywhere telling users that Capsicum support will be disabled under certain circumstances? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAly11k0ACgkQ/y5nonf4 4fowyBAAosXBRr/wadcuilGpEb9c6ytfp+mBiubhDc2s3cNgth5yEIY9RxZBU1SS cshIWcTPdmyb063/0HLroBaqJZmnw3Rro+esu+Oirh+0rj3W1GSxqHE4yohr2iux Q1i8/C4wUVI7hvUHvs44/NqOxPhnOr34KL+YgQ6T8R7H1HVD+Jfh9Zo/apkUKBVC 5WorHPu9u9sxAyIQ16PZvS9TzbD/u4LzYSGABa78whk9IUU/MG9LBIC+kjwV9nBv ZpWrdfqIJsOzeY3BM8XYWqBXQdXCR0xQVrQm2h5Kx+9qB+93ptxx8TI2bi3CCZUd qtbjjvk0bHH6rIJWBNG+3qzt1ouGF9utHIHYkmb8RyUPKRx6UB8MBbV+a5C1Txry MSG7wwtcYz/73c4RAY5whI7DfHi/2sd1nbOfJcVcH3TObZQRMvr9PGE320RFMmK8 SpfBp7PkTjiSlwli6Ci6nqjg6mFcvFM24UvoJ/4aDjp0HNfAyWFEqr5kEtALBC4V WZFCLpNwwlhO0XTZBhJXqpDPRDO94z01cQVkv5OAPZNLm9SUSZnAHmHLyUs68yhI LzbRV1swUi80sI/7hC+YVT09tmbcFm3TVOqVvhXxBVcqUrY3J3+fufVRctTXFYWf HlCSfoG/l6RXmo1OYanEIW3DSSVYXcBgmjV6eZk0FL2cwyrdErA= =edr2 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190416131915.2ocot4nonnf3sl4a>