Date:      Tue, 16 Apr 2019 09:19:15 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Mariusz Zaborski <oshogbo@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r346263 - head/contrib/tcpdump
Message-ID:  <20190416131915.2ocot4nonnf3sl4a@mutt-hbsd>
In-Reply-To: <201904160412.x3G4CgN2015092@repo.freebsd.org>
References:  <201904160412.x3G4CgN2015092@repo.freebsd.org>

On Tue, Apr 16, 2019 at 04:12:42AM +0000, Mariusz Zaborski wrote:
> Author: oshogbo
> Date: Tue Apr 16 04:12:41 2019
> New Revision: 346263
> URL: https://svnweb.freebsd.org/changeset/base/346263
>
> Log:
>   tcpdump: disable Capsicum if -E option is provided.
>
>   The -E is used to provide a secret for decrypting IPsec.
>   The secret may be provided through command line or as the file.
>   The problem is that tcpdump doesn't support yet opening files in capability mode
>   and the file may contain a list of the files to open.
>
>   As a workaround, for now, let's just disable capsicum if the -E
>   option is provided.
>
>   PR:		236819
>   MFC after:	2 weeks
>
> Modified:
>   head/contrib/tcpdump/tcpdump.c
>
> Modified: head/contrib/tcpdump/tcpdump.c
> ==============================================================================
> --- head/contrib/tcpdump/tcpdump.c	Tue Apr 16 02:48:04 2019	(r346262)
> +++ head/contrib/tcpdump/tcpdump.c	Tue Apr 16 04:12:41 2019	(r346263)
> @@ -2063,7 +2063,8 @@ main(int argc, char **argv)
>  	}
> =20
>  #ifdef HAVE_CAPSICUM
> -	cansandbox =3D (VFileName =3D=3D NULL && zflag =3D=3D NULL);
> +	cansandbox =3D (VFileName =3D=3D NULL && zflag =3D=3D NULL &&
> +	    ndo->ndo_espsecret =3D=3D NULL);
>  #ifdef HAVE_CASPER
>  	cansandbox =3D (cansandbox && (ndo->ndo_nflag || capdns !=3D NULL));
>  #else
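
Review bot: The new `ndo->ndo_espsecret == NULL` term in the `cansandbox` assignment turns the sandbox off for every use of -E, with no comment at the condition and nothing telling the user. The commit log says the secret may come from the command line or from a file, and that the file form is the one that may list further files to open; if only that form needs to open files after entering capability mode, the test could be narrowed to it so an inline secret stays sandboxed. As written, tcpdump runs without Capsicum in exactly the runs where it decrypts IPsec traffic. Please add a comment above the assignment that marks this as a temporary workaround and points at PR 236819, and document in tcpdump(1) that the conditions in this expression (VFileName, zflag and now -E) disable Capsicum.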

Is there any documentation anywhere telling users that Capsicum
support will be disabled under certain circumstances?

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
