Date: Sat, 26 Jan 2008 11:35:03 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 134132 for review Message-ID: <200801261135.m0QBZ3BT074866@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=134132 Change 134132 by rwatson@rwatson_freebsd_capabilities on 2008/01/26 11:34:44 Capability-enabled tcpdump: once everything is set to go but before entering the workload, give up all rights to name global objects. This leaves tcpdump with access to stdin/stdout/stderr and the bpf descriptor. This probably isn't quite right yet. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/contrib/tcpdump/tcpdump.c#2 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/contrib/tcpdump/tcpdump.c#2 (text+ko) ==== @@ -1050,6 +1050,8 @@ (void)fflush(stderr); } #endif /* WIN32 */ + if (cap_enter() < 0) + err(-1, "cap_enter"); status = pcap_loop(pd, cnt, callback, pcap_userdata); if (WFileName == NULL) { /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801261135.m0QBZ3BT074866>