ing
This commit is contained in:
parent
b89521ccc0
commit
fd3c4dd129
40
config/build/mac/ChmodBPF/ChmodBPF
Normal file
40
config/build/mac/ChmodBPF/ChmodBPF
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
#
|
||||||
|
# Unfortunately, macOS's devfs is based on the old FreeBSD
|
||||||
|
# one, not the current one, so there's no way to configure it
|
||||||
|
# to create BPF devices with particular owners or groups. BPF
|
||||||
|
# devices on macOS are also non-cloning, that is they can
|
||||||
|
# be created on demand at any time. This startup item will
|
||||||
|
# pre-create a number of BPF devices, then make them owned by
|
||||||
|
# the access_bpf group, with permissions rw-rw----, so that
|
||||||
|
# anybody in the access_bpf group can use programs that capture
|
||||||
|
# or send raw packets.
|
||||||
|
#
|
||||||
|
# Change this as appropriate for your site, e.g. to make
|
||||||
|
# it owned by a particular user without changing the permissions,
|
||||||
|
# so only that user and the super-user can capture or send raw
|
||||||
|
# packets, or give it the permissions rw-r-----, so that
|
||||||
|
# only the super-user can send raw packets but anybody in the
|
||||||
|
# admin group can capture packets.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Pre-create BPF devices. Set to 0 to disable.
|
||||||
|
FORCE_CREATE_BPF_MAX=256
|
||||||
|
|
||||||
|
SYSCTL_MAX=$( sysctl -n debug.bpf_maxdevices )
|
||||||
|
if [ "$FORCE_CREATE_BPF_MAX" -gt "$SYSCTL_MAX" ] ; then
|
||||||
|
FORCE_CREATE_BPF_MAX=$SYSCTL_MAX
|
||||||
|
fi
|
||||||
|
|
||||||
|
syslog -s -l notice "ChmodBPF: Forcing creation and setting permissions for /dev/bpf*"
|
||||||
|
|
||||||
|
CUR_DEV=0
|
||||||
|
while [ "$CUR_DEV" -lt "$FORCE_CREATE_BPF_MAX" ] ; do
|
||||||
|
# Try to do the minimum necessary to trigger the next device.
|
||||||
|
read -n 0 < /dev/bpf$CUR_DEV > /dev/null 2>&1
|
||||||
|
CUR_DEV=$(( $CUR_DEV + 1 ))
|
||||||
|
done
|
||||||
|
|
||||||
|
chgrp access_bpf /dev/bpf*
|
||||||
|
chmod g+rw /dev/bpf*
|
|
@ -0,0 +1,12 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||||
|
<plist version="1.0">
|
||||||
|
<dict>
|
||||||
|
<key>Label</key>
|
||||||
|
<string>com.loafle.overflow.scanner.ChmodBPF</string>
|
||||||
|
<key>RunAtLoad</key>
|
||||||
|
<true/>
|
||||||
|
<key>Program</key>
|
||||||
|
<string>/Library/Application Support/overFlow-NetworkScanner/ChmodBPF/ChmodBPF</string>
|
||||||
|
</dict>
|
||||||
|
</plist>
|
|
@ -1,3 +1,21 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
CHMOD_BPF="/Library/LaunchDaemons/com.loafle.overflow.scanner.ChmodBPF.plist"
|
||||||
|
BPF_GROUP="access_bpf"
|
||||||
|
BPF_GROUP_NAME="BPF device access ACL"
|
||||||
|
|
||||||
|
dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || \
|
||||||
|
dseditgroup -q -o create "$BPF_GROUP"
|
||||||
|
dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"
|
||||||
|
|
||||||
|
cp "/Library/Application Support/overFlow-NetworkScanner/ChmodBPF/com.loafle.overflow.scanner.ChmodBPF.plist" \
|
||||||
|
"$CHMOD_BPF"
|
||||||
|
chmod 755 "$CHMOD_BPF"
|
||||||
|
chown root:wheel "$CHMOD_BPF"
|
||||||
|
|
||||||
|
rm -rf /Library/StartupItems/ChmodBPF
|
||||||
|
|
||||||
|
launchctl load "$CHMOD_BPF"
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
Loading…
Reference in New Issue
Block a user