svn commit: r346985 - stable/11/contrib/tcpdump
Mariusz Zaborski
oshogbo at FreeBSD.org
Wed May 1 06:59:05 UTC 2019
Author: oshogbo
Date: Wed May 1 06:59:04 2019
New Revision: 346985
URL: https://svnweb.freebsd.org/changeset/base/346985
Log:
MFC r346263:
tcpdump: disable Capsicum if -E option is provided.
The -E is used to provide a secret for decrypting IPsec.
The secret may be provided through command line or as the file.
The problem is that tcpdump doesn't support yet opening files in capability mode
and the file may contain a list of the files to open.
As a workaround, for now, let's just disable capsicum if the -E
the option is provided.
PR: 236819
MFC after: 2 weeks
Modified:
stable/11/contrib/tcpdump/tcpdump.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/contrib/tcpdump/tcpdump.c
==============================================================================
--- stable/11/contrib/tcpdump/tcpdump.c Wed May 1 05:42:13 2019 (r346984)
+++ stable/11/contrib/tcpdump/tcpdump.c Wed May 1 06:59:04 2019 (r346985)
@@ -2063,7 +2063,8 @@ main(int argc, char **argv)
}
#ifdef HAVE_CAPSICUM
- cansandbox = (VFileName == NULL && zflag == NULL);
+ cansandbox = (VFileName == NULL && zflag == NULL &&
+ ndo->ndo_espsecret == NULL);
#ifdef HAVE_CASPER
cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL));
#else
More information about the svn-src-stable
mailing list