Re: OpenBSD work on Tcpdump privilege separation

[Pekka Savola <pekkas () netcore fi>]

On Mon, 23 Feb 2004, Jefferson Ogata wrote:
> > Ok, I've tested that this works at least with Linux.  The attached 
> > patch moves dropping privileges a bit earlier.
>
> Isn't all that stuff just for running tcpdump setuid? Am I missing something? I 
> though someone was talking about privilege separation.

No, this is about running tcpdump without setuid as well.

If setuid is used, the tcpdump has always switched to the real uid/gid
(AFAIR).  These modifications have changed the behaviour so that even
if tcpdump is not setuid/setgid, it will drop the root privileges to
only use specified username.
 
> You know after all that discussion on this topic last month, Andrew Pimlott came 
> up with a patch to do a chroot/setuid that no one has commented on, AFAIK. Maybe 
> it's worth looking at...?

Current tcpdump already implements everything except chroot AFAIK.  

Chroot would probably be a bit more difficult, because it might be
difficult to agree to a directory to chroot to; there would have to be
a command-line/compile-time toggle -- and when reading/writing capture
files, you'd have to do some file descriptor passing tricks etc. I'm
not personally sure whether it's worth it.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe