From: Narayanan R S <nars@kadamba.org>
Date: Wed, 18 Jun 2025 20:42:50 +0200
Subject: fix some cricial bugs

Bug-Debian: https://bugs.debian.org/420933
Forwarded: no
Last-Update: 2021-12-23
---
 Source/icmp.c | 10 +++++++---
 Source/main.c | 21 ++++++++++++++++++---
 Source/tcp.c  | 10 +++++++---
 Source/udp.c  | 10 +++++++---
 4 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/Source/icmp.c b/Source/icmp.c
index 87ca2fc..d003dae 100644
--- a/Source/icmp.c
+++ b/Source/icmp.c
@@ -39,6 +39,8 @@
 #include "log.h"
 #include "filter.h"
 #include "configuration.h"
+#include <string.h>
+#include <errno.h>
 
 /* Socket */
 int icmp_socket;
@@ -296,14 +298,16 @@ void *log_icmp(void *nobody) {
 
   icmp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
   if (icmp_socket <= 0) {
-	log.log(log.level_or_fd, "FATAL: Unable to open icmp raw socket");
+	int error = errno;
+    	log.log(log.level_or_fd, "FATAL: Unable to open icmp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error));
     exit(1);
   }
 
-  setgid(((struct passwd *)nobody)->pw_gid);
+  /* Don't do this here - race conditions will arise */
+  /* setgid(((struct passwd *)nobody)->pw_gid);
   initgroups(((struct passwd *)nobody)->pw_name,
 	     ((struct passwd *)nobody)->pw_gid);
-  setuid(((struct passwd *)nobody)->pw_uid);
+  setuid(((struct passwd *)nobody)->pw_uid); */
 
   for(;;) {
     if (read(icmp_socket, (__u8 *) &pkt, ICMP_CAPTURE_LENGTH) == -1) {
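Review bot: The new errno report sits behind the unchanged `icmp_socket <= 0` test, but socket() signals failure with -1 and 0 is a valid descriptor (for example once a daemon has closed stdin), so in that case `error` holds a stale errno and the daemon exits on a successful call; `if (icmp_socket < 0) {` matches the API. The format string also embeds `\n`, which can split one event across several records in line-oriented log sinks; a single line such as `"FATAL: Unable to open icmp raw socket: %s (errno %d)"` is easier to parse, assuming log.log takes printf-style arguments, which this hunk does not show. The same two points apply to the log_tcp and log_udp hunks in Source/tcp.c and Source/udp.c. log_icmp starts and ends outside this hunk.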
diff --git a/Source/main.c b/Source/main.c
index ad01f81..ad3fc54 100644
--- a/Source/main.c
+++ b/Source/main.c
@@ -157,6 +157,17 @@ void start_all_threads() {
     run_thread(&udp_t, log_udp, (void *)account);
   }
 
+  /* Sleep 1 sec to allow the other threads to catchup */
+  /* Not the best way to solve the issue but it works */
+  sleep(1);
+
+  /* Drop privileges */
+
+  setgid(((struct passwd *)account)->pw_gid);
+  initgroups(((struct passwd *)account)->pw_name,
+	     ((struct passwd *)account)->pw_gid);
+  setuid(((struct passwd *)account)->pw_uid);
+
 }  
 
 
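Review bot: The setgid(), initgroups() and setuid() calls added at the end of start_all_threads() ignore their return values, so a failed drop leaves the daemon running as root with its raw sockets open; each result should be checked and the process should exit on failure, as in the sketch below. The `sleep(1)` before them does not guarantee that every worker thread has already opened its socket: a thread scheduled late would presumably fail socket() after the drop and take the `exit(1)` path, so opening the sockets before the threads are started, or waiting on a barrier, would make the ordering deterministic. start_all_threads() begins outside this hunk.

```c
/* … unchanged: run_thread() calls and sleep(1) … */

/* Drop privileges; refuse to keep running as root if any step fails */
struct passwd *pw = (struct passwd *)account;

if (setgid(pw->pw_gid) != 0 ||
    initgroups(pw->pw_name, pw->pw_gid) != 0 ||
    setuid(pw->pw_uid) != 0) {
  log.log(log.level_or_fd, "FATAL: Unable to drop privileges");
  exit(1);
}
```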
@@ -164,8 +175,10 @@ void start_all_threads() {
  * reload_configuration
  *
  * Stops the threads and reloads the configuration
+ *
+ * -- DEPRECATED (due to privilege drop cannot reload - needs a restart!)
  */
-void reload_configuration() {
+void reload_configuration_DEPRECATED() {
   extern pthread_mutex_t log_mutex, service_mutex, dns_mutex, r_mux, w_mux;
   extern pthread_cond_t w_cond;
   extern int readers;
@@ -357,8 +370,10 @@ void die(int sig) {
  * Function executed when we receive a SIHUP signal
  */
 void sighup(int sig) {
-  reload_configuration();
-  log.log(log.level_or_fd, "IP Protocols Logger: reloaded configuration.");
+  // DEPRECATED - reload_configuration();
+  // log.log(log.level_or_fd, "IP Protocols Logger: reloaded configuration.");
+  log.log(log.level_or_fd, "IP Protocols Logger: reload configuration is unsupported.");
+  die(sig);
   signal(SIGHUP, sighup);
 }
 
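Review bot: sighup() now calls `die(sig)`, so a SIGHUP stops the logger instead of reloading it, and the logged text "reload configuration is unsupported" does not say that the process is exiting. Anything that still sends HUP (log rotation, an init-script reload action) would silently end packet logging, so the message should state the shutdown, e.g. `"IP Protocols Logger: reload is unsupported after privilege drop, exiting; restart required."`, and the packaging should map reload to restart. If die() never returns (its body is outside this hunk), the trailing `signal(SIGHUP, sighup);` is unreachable and can be removed. The two commented-out lines would read better deleted, with a short comment explaining that raw sockets cannot be reopened once privileges are dropped.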
diff --git a/Source/tcp.c b/Source/tcp.c
index 9857f4d..cb43270 100644
--- a/Source/tcp.c
+++ b/Source/tcp.c
@@ -44,6 +44,8 @@
 #include "filter.h"
 #include "configuration.h"
 #include "ident.h"
+#include <errno.h>
+#include <string.h>
 
 /* Socket */
 int tcp_socket;
@@ -259,14 +261,16 @@ void *log_tcp(void *nobody) {
 
   tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
   if (tcp_socket <= 0) {
-	log.log(log.level_or_fd, "FATAL: Unable to open tcp raw socket");
+  	int error = errno;
+	log.log(log.level_or_fd, "FATAL: Unable to open tcp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error));
     exit(1);
   }
 
-  setgid(((struct passwd *)nobody)->pw_gid);
+  /* Don't do this here - race conditions will arise */
+  /* setgid(((struct passwd *)nobody)->pw_gid);
   initgroups(((struct passwd *)nobody)->pw_name,
 	     ((struct passwd *)nobody)->pw_gid);
-  setuid(((struct passwd *)nobody)->pw_uid);
+  setuid(((struct passwd *)nobody)->pw_uid); */
 
   for(;;) {
     if (read(tcp_socket, (__u8 *) &pkt, TCP_CAPTURE_LENGTH) == -1) {
diff --git a/Source/udp.c b/Source/udp.c
index 328d792..f64e086 100644
--- a/Source/udp.c
+++ b/Source/udp.c
@@ -39,6 +39,8 @@
 #include "filter.h"
 #include "configuration.h"
 #include "ident.h"
+#include <errno.h>
+#include <string.h>
 
 /* Socket */
 int udp_socket;
@@ -138,14 +140,16 @@ void *log_udp(void *nobody) {
 
   udp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
   if (udp_socket <= 0) {
-	log.log(log.level_or_fd, "FATAL: Unable to open udp raw socket");
+  	int error = errno;
+	log.log(log.level_or_fd, "FATAL: Unable to open udp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error));
     exit(1);
   }
 
-  setgid(((struct passwd *)nobody)->pw_gid);
+  /* Don't do this here - race conditions will arise */
+  /* setgid(((struct passwd *)nobody)->pw_gid);
   initgroups(((struct passwd *)nobody)->pw_name,
 	     ((struct passwd *)nobody)->pw_gid);
-  setuid(((struct passwd *)nobody)->pw_uid);
+  setuid(((struct passwd *)nobody)->pw_uid); */
 
   for(;;) {
     if (read(udp_socket, (__u8 *) &pkt, UDP_CAPTURE_LENGTH) == -1) {
