Hi,
This has been shown internally for some time, but deraadt@ asked me to show it
to a bigger audience now so here it is!
If we want OS fingerprinting by using the -o flag then we can unveil /etc/pf.os in
read mode, nevertheless in order to do this we need to inform the privsep proc
that we are using -o so I added it to priv_exec().
The other file that needs to be unveiled is /etc/ethers in read mode, which I tried
to make conditional but after several successful tests I bumped into a
packet which made tcpdump crash after some time. Unfortunately I don't have the
core nor the pcap files to investigate what happened so for now the unveil of
this file will be kept unconditional regardless of the flags or expression
used.
Could you please test tcpdump on your network with this patch? You should test
several different flags and the different combinations between them just as I
did, and please also try different expressions then report back if you had any
issues or not and if this can go in.
Index: privsep.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.48
diff -u -p -u -r1.48 privsep.c
--- privsep.c 8 Aug 2018 22:57:12 -0000 1.48
+++ privsep.c 26 Sep 2018 06:57:20 -0000
@@ -207,7 +207,7 @@ __dead void
priv_exec(int argc, char *argv[])
{
int bpfd = -1;
- int i, sock, cmd, nflag = 0, Pflag = 0;
+ int i, sock, cmd, nflag = 0, oflag = 0, Pflag = 0;
char *cmdbuf, *infile = NULL;
char *RFileName = NULL;
char *WFileName = NULL;
@@ -229,6 +229,10 @@ priv_exec(int argc, char *argv[])
nflag++;
break;
+ case 'o':
+ oflag = 1;
+ break;
+
case 'r':
RFileName = optarg;
break;
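Review bot: the new `case 'o'` in priv_exec() is only reachable if the option string passed to getopt() in this function accepts `o`, and no hunk in this patch touches that string, so it is worth confirming that it is already there. As a style point, `oflag = 1` differs from the `nflag++` form used in the case directly above; matching the neighbouring idiom would keep the switch uniform.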
@@ -305,6 +309,12 @@ priv_exec(int argc, char *argv[])
test_state(cmd, STATE_RUN);
impl_init_done(sock, &bpfd);
+ if (oflag) {
+ if (unveil("/etc/pf.os", "r") == -1)
+ err(1, "unveil");
+ }
+ if (unveil("/etc/ethers", "r") == -1)
+ err(1, "unveil");
if (pledge("stdio rpath inet dns recvfd bpf", NULL) ==
-1)
err(1, "pledge");
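Review bot: both new unveil() failure paths call err(1, "unveil") with the same string, so a failure on /etc/pf.os cannot be told apart from one on /etc/ethers in the error output; putting the path in the message, for example err(1, "unveil /etc/pf.os"), would fix that. The unconditional unveil of /etc/ethers also has no comment in the code saying why it is not tied to any flag, so a later reader may try to make it conditional again; a one-line comment above it would record the reason. The ordering of the unveil() calls before the pledge() call looks right, since the pledge promises shown do not include "unveil".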