• file
• revisions
• annotate
• diff
• comparison
• raw

arpwatch/arpwatch.patch@0ba300bdf30a (annotated)

arpwatch/arpwatch.patch

Mon, 20 Apr 2009 19:22:00 +0200

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Mon, 20 Apr 2009 19:22:00 +0200

changeset 178

0ba300bdf30a

permissions

-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

michael@64	1	Index: configure
michael@64	2	--- configure.orig 2006-06-21 22:32:38.000000000 +0200
michael@64	3	+++ configure 2006-10-20 15:30:45.862899000 +0200
michael@64	4	@@ -5259,11 +5259,7 @@
michael@64	5	echo "$as_me:$LINENO: result: $ac_cv_lbl_have_" >&5
michael@64	6	echo "${ECHO_T}$ac_cv_lbl_have_" >&6
michael@64	7	if test $ac_cv_lbl_have_ = no ; then
michael@64	8	-
michael@64	9	-cat >>confdefs.h <<\_ACEOF
michael@64	10	-#define
michael@64	11	-_ACEOF
michael@64	12	-
michael@64	13	+ :
michael@64	14	fi
michael@64	15
michael@64	16	rm -f os-proto.h
michael@64	17	Index: Makefile.in
michael@64	18	--- Makefile.in.orig 2000-06-15 02:39:55.000000000 +0200
michael@64	19	+++ Makefile.in 2006-10-20 17:41:03.246914000 +0200
michael@64	20	@@ -31,7 +31,7 @@
michael@64	21	# Pathname of directory to install the man page
michael@64	22	MANDEST = @mandir@
michael@64	23	# Pathname of directory to install database file
michael@64	24	-ARPDIR = $(prefix)/arpwatch
michael@64	25	+ARPDIR = @localstatedir@
michael@64	26
michael@64	27	# VPATH
michael@64	28	srcdir = @srcdir@
michael@64	29	@@ -42,16 +42,17 @@
michael@64	30	#
michael@64	31
michael@64	32	CC = @CC@
michael@64	33	+CFLAGS = @CFLAGS@
michael@64	34	+CPPFLAGS = @CPPFLAGS@
michael@64	35	+
michael@64	36	PROG = arpwatch
michael@64	37	CCOPT = @V_CCOPT@
michael@64	38	INCLS = -I. @V_INCLS@
michael@64	39	DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
michael@64	40
michael@64	41	-# Standard CFLAGS
michael@64	42	-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
michael@64	43	-
michael@64	44	# Standard LIBS
michael@64	45	LIBS = @LIBS@
michael@64	46	+LDFLAGS = @LDFLAGS@
michael@64	47	# Standard LIBS without libpcap.a
michael@64	48	SLIBS = @LBL_LIBS@
michael@64	49
michael@64	50	@@ -63,7 +64,7 @@
michael@64	51	# problem if you don't own the file but can write to the directory.
michael@64	52	.c.o:
michael@64	53	@rm -f $@
michael@64	54	- $(CC) $(CFLAGS) -c $(srcdir)/$*.c
michael@64	55	+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c $(srcdir)/$*.c
michael@64	56
michael@64	57	CSRC = db.c dns.c ec.c file.c intoa.c machdep.c util.c report.c setsignal.c
michael@64	58	WSRC = arpwatch.c
michael@64	59	@@ -95,11 +96,11 @@
michael@64	60
michael@64	61	arpwatch: $(WOBJ) @V_PCAPDEP@
michael@64	62	@rm -f $@
michael@64	63	- $(CC) $(CFLAGS) -o $@ $(WOBJ) $(LIBS)
michael@64	64	+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -o $@ $(WOBJ) $(LDFLAGS) $(LIBS)
michael@64	65
michael@64	66	arpsnmp: $(SOBJ)
michael@64	67	@rm -f $@
michael@64	68	- $(CC) $(CFLAGS) -o $@ $(SOBJ) $(SLIBS)
michael@64	69	+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -o $@ $(SOBJ) $(LDFLAGS) $(SLIBS)
michael@64	70
michael@64	71	version.o: version.c
michael@64	72	version.c: $(srcdir)/VERSION
michael@64	73	@@ -107,18 +108,22 @@
michael@64	74	sed -e 's/.*/char version[] = "&";/' $(srcdir)/VERSION > $@
michael@64	75
michael@64	76	zap: zap.o intoa.o
michael@64	77	- $(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
michael@64	78	+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -o $@ zap.o intoa.o $(LDFLAGS) -lutil
michael@64	79
michael@64	80	install: force
michael@64	81	- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
michael@64	82	- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
michael@64	83	+ $(INSTALL) -s -m 555 arpwatch $(DESTDIR)$(BINDEST)
michael@64	84	+ $(INSTALL) -s -m 555 arpsnmp $(DESTDIR)$(BINDEST)
michael@64	85
michael@64	86	install-man: force
michael@64	87	- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
michael@64	88	+ $(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
michael@64	89	$(DESTDIR)$(MANDEST)/man8
michael@64	90	- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
michael@64	91	+ $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
michael@64	92	$(DESTDIR)$(MANDEST)/man8
michael@64	93
michael@64	94	+install-data: force
michael@64	95	+ $(INSTALL) -m 444 $(srcdir)/ethercodes.dat \
michael@64	96	+ $(DESTDIR)$(ARPDIR)
michael@64	97	+
michael@64	98	lint: $(GENSRC) force
michael@64	99	lint -hbxn $(SRC) | \
michael@64	100	grep -v 'struct/union .* never defined' | \
michael@64	101	Index: arpwatch.8
michael@64	102	--- arpwatch.8.orig 2006-10-20 16:13:53.268590000 +0200
michael@64	103	+++ arpwatch.8 2006-10-20 16:15:01.537612000 +0200
michael@64	104	@@ -152,9 +152,8 @@
michael@64	105	.na
michael@64	106	.nh
michael@64	107	.nf
michael@64	108	-/usr/operator/arpwatch - default directory
michael@64	109	-arp.dat - ethernet/ip address database
michael@64	110	-ethercodes.dat - vendor ethernet block list
michael@64	111	+@l_prefix@/var/arpwatch/arp.dat - ethernet/ip address database
michael@64	112	+@l_prefix@/var/arpwatch/ethercodes.dat - vendor ethernet block list
michael@64	113	.ad
michael@64	114	.hy
michael@64	115	.fi
michael@64	116	Index: arpsnmp.8
michael@64	117	--- arpsnmp.8.orig 2006-10-20 16:14:50.412624000 +0200
michael@64	118	+++ arpsnmp.8 2006-10-20 16:14:59.301665000 +0200
michael@64	119	@@ -69,9 +69,8 @@
michael@64	120	.na
michael@64	121	.nh
michael@64	122	.nf
michael@64	123	-/usr/operator/arpwatch - default directory
michael@64	124	-arp.dat - ethernet/ip address database
michael@64	125	-ethercodes.dat - vendor ethernet block list
michael@64	126	+@l_prefix@/var/arpwatch/arp.dat - ethernet/ip address database
michael@64	127	+@l_prefix@/var/arpwatch/ethercodes.dat - vendor ethernet block list
michael@64	128	.ad
michael@64	129	.hy
michael@64	130	.fi
michael@64	131	Index: arpwatch.h
michael@64	132	--- arpwatch.h.orig 2000-10-01 01:40:55.000000000 +0200
michael@64	133	+++ arpwatch.h 2006-10-21 07:41:55.629111000 +0200
michael@64	134	@@ -8,6 +8,20 @@
michael@64	135	#define BCOPY(a, b, n) memmove((char *)b, (char *)a, n)
michael@64	136	#define MEMSET(s, c, n) memset((char *)s, c, n)
michael@64	137
michael@64	138	+/* Repair unportable usage of u_int*_t declarations */
michael@64	139	+#ifndef u_int64_t
michael@64	140	+#define u_int64_t unsigned long long
michael@64	141	+#endif
michael@64	142	+#ifndef u_int32_t
michael@64	143	+#define u_int32_t unsigned int
michael@64	144	+#endif
michael@64	145	+#ifndef u_int16_t
michael@64	146	+#define u_int16_t unsigned short
michael@64	147	+#endif
michael@64	148	+#ifndef u_int6_t
michael@64	149	+#define u_int8_t unsigned char
michael@64	150	+#endif
michael@64	151	+
michael@64	152	char *intoa(u_int32_t);
michael@64	153
michael@64	154	#ifndef HAVE_BCOPY
michael@64	155	Index: arpwatch.c
michael@64	156	--- arpwatch.c.orig 2004-01-22 23:18:20.000000000 +0100
michael@64	157	+++ arpwatch.c 2006-10-20 19:28:25.417689000 +0200
michael@64	158	@@ -234,8 +234,11 @@
michael@64	159	if (pid < 0) {
michael@64	160	syslog(LOG_ERR, "main fork(): %m");
michael@64	161	exit(1);
michael@64	162	- } else if (pid != 0)
michael@64	163	+ } else if (pid != 0) {
michael@64	164	+ printf("%d\n", pid);
michael@64	165	+ fflush(stdout);
michael@64	166	exit(0);
michael@64	167	+ }
michael@64	168	(void)close(fileno(stdin));
michael@64	169	(void)close(fileno(stdout));
michael@64	170	(void)close(fileno(stderr));
michael@64	171	@@ -321,7 +324,6 @@
michael@64	172
michael@64	173	(void)setsignal(SIGINT, die);
michael@64	174	(void)setsignal(SIGTERM, die);
michael@64	175	- (void)setsignal(SIGHUP, die);
michael@64	176	if (rfilename == NULL) {
michael@64	177	(void)setsignal(SIGQUIT, checkpoint);
michael@64	178	(void)setsignal(SIGALRM, checkpoint);
michael@64	179	Index: dns.c
michael@64	180	--- dns.c.orig 2006-10-20 19:06:40.704886000 +0200
michael@64	181	+++ dns.c 2006-10-20 19:20:09.611322000 +0200
michael@64	182	@@ -137,7 +137,7 @@
michael@64	183	return (0);
michael@64	184	}
michael@64	185
michael@64	186	-/* Return the cannonical name of the host */
michael@64	187	+/* Return the canonical name of the host (NULL if not found) */
michael@64	188	char *
michael@64	189	gethname(u_int32_t a)
michael@64	190	{
michael@64	191	@@ -150,18 +150,18 @@
michael@64	192	hp = gethostbyaddr((char *)&a, sizeof(a), AF_INET);
michael@64	193	_res.options = options;
michael@64	194	if (hp == NULL)
michael@64	195	- return (intoa(a));
michael@64	196	+ return NULL;
michael@64	197	return (hp->h_name);
michael@64	198	}
michael@64	199
michael@64	200	-/* Return the simple name of the host */
michael@64	201	+/* Return the simple name of the host (NULL if not found) */
michael@64	202	char *
michael@64	203	getsname(register u_int32_t a)
michael@64	204	{
michael@64	205	register char *s, *cp;
michael@64	206
michael@64	207	s = gethname(a);
michael@64	208	- if (!isdigit((int)*s)) {
michael@64	209	+ if (s != NULL) {
michael@64	210	cp = strchr(s, '.');
michael@64	211	if (cp != NULL)
michael@64	212	*cp = '\0';