tcpdump mailing list archives
Re: OpenBSD work on Tcpdump privilege separation
From: Pekka Savola <pekkas () netcore fi>
Date: Mon, 23 Feb 2004 19:10:25 +0200 (EET)
On Mon, 23 Feb 2004, Hannes Gredler wrote:
> tx pekka - can somebody pls test on the BSDs ? - /hannes
Works on my FreeBSD at least.

However, I noticed a different problem with dropping the privileges. The critical questions are:

1) does one have to be able to record files (with '-w') also to directories you yourself (root) have write access to, but the user to which you drop the privileges does not?

2) is there any difference whether dropping the privileges was implicit (with '--with-user') or explicit ('-Z')?

3) would we want to hack tcpdump a bit further, so that the write file would be opened as early as possible, to be able to drop the privileges earlier (if yes to 1)? [this might also help with chrooting, if we wanted to do it.]

I assume the answers are "yes", "no" and "no". (Currently this is "yes; if the username was implicit, and then root privs are dropped later".) Thoughts?

Note that with setuid tcpdump, this has never been possible (due to valid reasons, of course :). But root-dropping tcpdump, especially if done automatically, might be a bit special.

I've attached a patch; this results in the assumed intended behaviour: the privileges are dropped only later, the behaviour is identical with or without --with-user=xxx, and more detailed hackery of write files is omitted. I've moved up the setuid-part though.

Please discuss what you feel would be the best approach! I might personally be tempted to move up the opening of write files part..

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Attachment: tcpdump-droppriv.patch
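The ordering raised in question 3 above (open the '-w' file first, then drop), as an added example that is not part of the original message or the attached patch and is not tcpdump's own code. The function names, the default file name and the id 65534 are assumptions made for illustration.

```c
/* Added example: open the '-w' savefile while privileged, then drop. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1       /* exposes setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid; returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Already the target identity (started unprivileged): nothing to drop. */
    if (getuid() == uid && geteuid() == uid &&
        getgid() == gid && getegid() == gid)
        return 0;
    /* Order matters: supplementary groups and gid go first, because after
     * setuid() the process no longer has the right to change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the savefile with the caller's rights, then drop.
 * Returns a writable fd, or -1 if the open or the drop failed. */
int open_savefile_then_drop(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;              /* fail before touching credentials */
    if (drop_privileges(uid, gid) != 0) {
        close(fd);              /* never keep running with root rights */
        return -1;
    }
    return fd;                  /* access was checked at open() time */
}

int main(int argc, char **argv)
{
    /* Constructed usage: 65534 is an assumed unprivileged uid/gid. */
    const char *path = argc > 1 ? argv[1] : "capture.pcap";
    return open_savefile_then_drop(path, 65534, 65534) < 0;
}
```

Because the descriptor is obtained before the drop, the unprivileged process can keep writing to a file in a directory only root can write to, which is the behaviour question 1 asks about.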