diff -up tcpdump-4.2.1/tcpdump.1.in.eperm tcpdump-4.2.1/tcpdump.1.in
--- tcpdump-4.2.1/tcpdump.1.in.eperm 2012-05-16 15:46:55.009494388 +0200
+++ tcpdump-4.2.1/tcpdump.1.in 2012-05-16 15:47:16.860299598 +0200
@@ -214,6 +214,9 @@ have the name specified with the
flag, with a number after it, starting at 1 and continuing upward.
The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
not 1,048,576 bytes).
+
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
+are dropped before opening first savefile.
.TP
.B \-d
Dump the compiled packet-matching code in a human readable form to
@@ -650,7 +653,9 @@ but before opening any savefiles for out
and the group ID to the primary group of
.IR user .
.IP
-This behavior can also be enabled by default at compile time.
+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
+be disabled by \fB\-Z root\fR.
+
.IP "\fI expression\fP"
.RS
selects which packets will be dumped.
diff -up tcpdump-4.2.1/tcpdump.c.eperm tcpdump-4.2.1/tcpdump.c
--- tcpdump-4.2.1/tcpdump.c.eperm 2012-05-16 15:46:28.321732801 +0200
+++ tcpdump-4.2.1/tcpdump.c 2012-05-16 15:46:42.642604795 +0200
@@ -1289,9 +1289,27 @@ main(int argc, char **argv)
* Switching to the -Z user ID only after opening the first
* savefile doesn't handle the general case.
*/
- if (getuid() == 0 || geteuid() == 0) {
- if (username || chroot_dir)
- droproot(username, chroot_dir);
+
+ /* If user is running tcpdump as root and wants to write to the savefile,
+ * we will check if -C is set and if it is, we will drop root
+ * privileges right away and consequent call to pcap_dump_open()
+ * will most likely fail for the first file. If -C flag is not set we
+ * will create file as root then change ownership of file to proper
+ * user(default tcpdump) and drop root privileges.
+ */
+ int chown_flag = 0;
+ if (WFileName && (getuid() == 0 || geteuid() == 0)) {
+ if (Cflag != 0) {
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
+ } else {
+ chown_flag = 1;
+ }
+ } else {
+ if (getuid() == 0 || geteuid() == 0) {
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
+ }
}
#endif /* WIN32 */
@@ -1312,6 +1330,40 @@ main(int argc, char **argv)
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
+
+ /* Change ownership of file and drop root privileges */
+ if (chown_flag) {
+ struct passwd pwd;
+ struct passwd *p_pwd;
+ char *username_buf;
+ long initlen;
+ size_t len;
+
+ initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (initlen == -1) {
+ len = 1024;
+ } else {
+ len = (size_t) initlen;
+ }
+
+ username_buf = (char *) malloc(len * sizeof(char));
+ if (username_buf == NULL) {
+ error("malloc of username_buf");
+ }
+
+ getpwnam_r(username, &pwd, username_buf, len, &p_pwd);
+ if (p_pwd == NULL) {
+ error("Couldn't find user '%s'", username);
+ }
+
+ chown(dumpinfo.CurrentFileName, pwd.pw_uid, pwd.pw_gid);
+
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
+
+ free(username_buf);
+ }
+
if (p == NULL)
error("%s", pcap_geterr(pd));
if (Cflag != 0 || Gflag != 0) {