/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
#ifdef HAVE_PLUGINS
/* Register wiretap plugins */
!IF "$(MSVC_VARIANT)" == "MSVC2008" || "$(MSVC_VARIANT)" == "MSVC2008EE" || "$(MSVC_VARIANT)" == "MSVC2010" || "$(MSVC_VARIANT)" == "MSVC2010EE"
LOCAL_CFLAGS= $(LOCAL_CFLAGS) /MP
!ENDIF
+
# Linker flags:
# /DEBUG generate debug info
# /PROFILE generate map file(s) for profiling
DLL_LDFLAGS = /MANIFEST:no
!ENDIF
+# Enable ASLR. Requires VS2008 or later.
+# http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
+# DEP is handled in init_process_policies()
+
+# ASLR http://msdn.microsoft.com/en-us/library/bb384887.aspx
+!IF $(MSC_VER_REQUIRED) >= 1500
+LOCAL_LDFLAGS= $(LOCAL_LDFLAGS) /DYNAMICBASE
+!ENDIF
+
PLUGIN_LDFLAGS = /NOLOGO /INCREMENTAL:no $(LOCAL_LDFLAGS) $(DLL_LDFLAGS)
#
/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
/*
* Attempt to get the pathname of the executable file.
/* */
/* ----------------------------------------------------------------- */
- get_credential_info();
+ init_process_policies();
#ifdef HAVE_LIBCAP
/* If 'started with special privileges' (and using libcap) */
optarg_str_p++;
}
- /*
- * check for a negative adjustment
- * A negative strict adjustment value is a flag
+ /*
+ * check for a negative adjustment
+ * A negative strict adjustment value is a flag
* to adjust all frames by the specifed delta time.
*/
if (*optarg_str_p == '-') {
/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
#ifdef HAVE_PLUGINS
/* Register wiretap plugins */
phdr = &snap_phdr;
}
} else {
- /*
- * A negative strict time adjustment is requested.
- * Unconditionally set each timestamp to previous
+ /*
+ * A negative strict time adjustment is requested.
+ * Unconditionally set each timestamp to previous
* packet's timestamp plus delta.
*/
snap_phdr = *phdr;
* before doing anything else.
* Let the user know if anything happened.
*/
- get_credential_info();
+ init_process_policies();
relinquish_special_privs_perm();
/*
/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
/*
* Clear the filters arrays
/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
/* nothing more than the standard GLib handler, but without a warning */
log_flags =
/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
/*
* Attempt to get the pathname of the executable file.
mpa_version
; privileges.c
-get_credential_info
+init_process_policies
get_cur_groupname
get_cur_username
npf_sys_is_running
* we'll need later.
*/
void
-get_credential_info(void)
+init_process_policies(void)
{
+ typedef BOOL (*SetProcessDEPPolicyHandler)(DWORD);
+ SetProcessDEPPolicyHandler PSetProcessDEPPolicy;
+
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 1
+#endif
+
+ if (PSetProcessDEPPolicy = (SetProcessDEPPolicyHandler) GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "SetProcessDEPPolicy")) {
+ PSetProcessDEPPolicy(PROCESS_DEP_ENABLE);
+ }
+
npf_sys_is_running();
}
static uid_t ruid, euid;
static gid_t rgid, egid;
-static gboolean get_credential_info_called = FALSE;
+static gboolean init_process_polices_called = FALSE;
/*
* Called when the program starts, to save whatever credential information
* That'd be the real and effective UID and GID on UNIX.
*/
void
-get_credential_info(void)
+init_process_polices(void)
{
ruid = getuid();
euid = geteuid();
rgid = getgid();
egid = getegid();
- get_credential_info_called = TRUE;
+ init_process_polices_called = TRUE;
}
/*
gboolean
started_with_special_privs(void)
{
- g_assert(get_credential_info_called);
+ g_assert(init_process_polices_called);
#ifdef HAVE_ISSETUGID
return issetugid();
#else
*/
/**
- * Called when the program starts, to save whatever credential information
- * we'll need later.
+ * Called when the program starts, to enable security features and save
+ * whatever credential information we'll need later.
*/
-extern void get_credential_info(void);
+extern void init_process_policies(void);
/**
* Was this program started with special privileges? get_credential_info()