tcpdump mailing list archives
Re: why doesn't tcpdump drop privileges?
From: Pekka Savola <pekkas () netcore fi>
Date: Wed, 21 Jan 2004 19:28:30 +0200 (EET)
On Wed, 21 Jan 2004, Andrew Pimlott wrote:
On Wed, Jan 21, 2004 at 08:05:27AM +0200, Pekka Savola wrote:As for why I went for "pcap" instead of nobody in the first place.. Red Hat bundles tcpdump with arpwatch, which I also coded to drop root privileges. Picking a specific user name for these two purposes seemed only logical. (Arpwatch has to maintain a couple of files owned by 'pcap' as well.)I agree that picking a new user for this purpose is a sound choice. However, if this user owns files (especially ones that might be run or otherwise used by root), it seems to defeat the purpose.
The file (arp.dat) required to be writable by arpwatch is not executable, so this is not a big worry. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Re: why doesn't tcpdump drop privileges?, (continued)
- Re: why doesn't tcpdump drop privileges? Andrew Pimlott (Jan 21)
- Re: why doesn't tcpdump drop privileges? Jefferson Ogata (Jan 21)
- Re: why doesn't tcpdump drop privileges? Andrew Pimlott (Jan 23)
- Re: why doesn't tcpdump drop privileges? Ryan Mooney (Jan 21)
- Re: why doesn't tcpdump drop privileges? Jefferson Ogata (Jan 21)
- Re: why doesn't tcpdump drop privileges? Andrew Pimlott (Jan 20)
- Re: why doesn't tcpdump drop privileges? Andrew Pimlott (Jan 20)
- Re: why doesn't tcpdump drop privileges? Pekka Savola (Jan 20)
- Re: why doesn't tcpdump drop privileges? Andrew Pimlott (Jan 21)
- Re: why doesn't tcpdump drop privileges? Pekka Savola (Jan 21)
- Re: why doesn't tcpdump drop privileges? Hannes Gredler (Jan 24)