Ricardo Mestre (2017-06-13 01:37 +0200):
> CVSROOT: /cvs
> Module name: src
> Changes by: [email protected] 2017/06/12 17:37:44
>
> Modified files:
> sbin/pflogd : privsep.c
>
> Log message:
> pledge(2) bpf has been in use for some time now on tcpdump(8), this will
> enable
> it also for pflogd(8)'s priv proc.
>
> OK deraadt@
This is a problem if the logfile has a different snaplen:
sigma:/usr/src/sbin/pflogd $ doas obj/pflogd -Ds 200
[priv]: msg PRIV_OPEN_LOG received
Existing file has different snaplen 160, using it
[priv]: msg PRIV_SET_SNAPLENGTH received
Abort trap (core dumped)
dmesg:
pflogd(27017): syscall 54 "tty"
Backtrace:
#0 0x000010e809fd8f9a in ioctl () at {standard input}:5
#1 0x000010e817f4ee76 in pcap_setfilter (p=0x10e81e1cfe00, fp=0x7f7ffffe13d0)
at /usr/src/lib/libpcap/pcap-bpf.c:923
#2 0x000010e603201624 in set_pcap_filter () at
/usr/src/sbin/pflogd/pflogd.c:188
#3 0x000010e603202384 in priv_init () at /usr/src/sbin/pflogd/privsep.c:187
#4 0x000010e603201a0b in main (argc=3, argv=0x7f7ffffe1918) at
/usr/src/sbin/pflogd/pflogd.c:633
/usr/src/lib/libpcap/pcap-bpf.c:923:
} else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) {
