svn commit: r338613 - head/contrib/tcpdump
Hans Petter Selasky
hselasky at FreeBSD.org
Wed Sep 12 10:10:00 UTC 2018
Author: hselasky
Date: Wed Sep 12 10:09:59 2018
New Revision: 338613
URL: https://svnweb.freebsd.org/changeset/base/338613
Log:
Fix for backends which doesn't support capsicum.
Not all libpcap backends use the BPF compatible set
of IOCTLs. For example the mlx5 backend uses libibverbs
which is currently not capsicum compatible.
Disable sandboxing for such backends.
MFC after: 3 days
Discussed with: emaste@
Approved by: re (kib)
Sponsored by: Mellanox Technologies
Modified:
head/contrib/tcpdump/tcpdump.c
Modified: head/contrib/tcpdump/tcpdump.c
==============================================================================
--- head/contrib/tcpdump/tcpdump.c Wed Sep 12 08:56:08 2018 (r338612)
+++ head/contrib/tcpdump/tcpdump.c Wed Sep 12 10:09:59 2018 (r338613)
@@ -2069,6 +2069,9 @@ main(int argc, char **argv)
#else
cansandbox = (cansandbox && ndo->ndo_nflag);
#endif /* HAVE_CASPER */
+ cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+ RFileName != NULL));
+
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
#endif /* HAVE_CAPSICUM */
More information about the svn-src-all
mailing list