tcpdump mailing list archives
Re: [PATCH] Drop unneeded capabilities
From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Thu, 24 Jun 2004 11:37:27 -0400
Pekka Savola wrote:
> On Wed, 23 Jun 2004, Matt Beaumont wrote:
>> I've written a little patch to drop all but the CAP_NET_ADMIN and CAP_NET_RAW capabilities immediately if tcpdump is running with root privileges. The idea is to limit the damage done by an exploit against tcpdump.
>> Some of the inspiration for this patch came from here:
>> <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html>
>> This is the first patch I've ever submitted, so I'd love to hear some feedback :)
> Have you checked the code in the CVS? It already includes a "droproot" option.
> Yours is slightly different, though, as it uses (Linux-specific?) capabilities. I'm not sure if it's necessary when we already drop the root privileges.
Capabilities are a much better approach than simply dropping root. Dropping capabilities can restrict the process far more than simply having it run as a regular user. While it's true that some OSes are sorely behind the times and don't support capabilities, it's still useful to have the infrastructure in place for the modern ones that do.
--
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
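The capability drop discussed in this thread, as an added example that is not Matt Beaumont's patch and not tcpdump code: it reduces the process to at most CAP_NET_ADMIN and CAP_NET_RAW and then reads the sets back to confirm. It assumes Linux and uses the raw capget/capset system calls instead of libcap; the names drop_to_net_caps, leftover_caps and KEEP_MASK are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* The two capabilities the patch description keeps; both are below 32,
 * so they sit in word 0 of the two-word v3 capability data. */
#define KEEP_MASK ((1u << CAP_NET_ADMIN) | (1u << CAP_NET_RAW))

/* Read the calling thread's capability sets (pid 0 = self). */
static int get_caps(struct __user_cap_data_struct d[2])
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &h, d);
}

/* Hypothetical helper: shrink permitted/effective to at most KEEP_MASK and
 * clear inheritable. It only removes bits, so it also succeeds when run
 * unprivileged. Returns 0 on success, -1 on error. */
int drop_to_net_caps(void)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (get_caps(d) != 0)
        return -1;
    d[0].permitted &= KEEP_MASK;
    d[0].effective &= KEEP_MASK;
    d[0].inheritable = 0;
    memset(&d[1], 0, sizeof d[1]);   /* capabilities 32..63: drop all */
    return (int)syscall(SYS_capset, &h, d);
}

/* Hypothetical check: 1 if any capability outside KEEP_MASK is still
 * permitted or effective, 0 if none, -1 on error. */
int leftover_caps(void)
{
    struct __user_cap_data_struct d[2];

    if (get_caps(d) != 0)
        return -1;
    return ((d[0].permitted | d[0].effective) & ~KEEP_MASK) != 0 ||
           (d[1].permitted | d[1].effective) != 0;
}

int main(void)
{
    return drop_to_net_caps() != 0 || leftover_caps() != 0;
}
```

The raw capset call applies to the calling thread only, so a multi-threaded program would have to drop before creating threads.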