tcpdump mailing list archives

Re: OpenBSD work on Tcpdump privilege separation


From: Pekka Savola <pekkas () netcore fi>
Date: Sun, 22 Feb 2004 09:36:33 +0200 (EET)

On Sat, 21 Feb 2004, Richard Bejtlich wrote:
> Has anyone seen the OpenBSD work on privilege
> separation for Tcpdump?  I became aware of it from
> this post:
>
> http://marc.theaimsgroup.com/?l=openbsd-cvs&m=107531986114887&w=2

I took a quick look at it, and I can't quite understand why they made 
it so complicated.  The same patch also includes integration with 
their PF software for traffic fingerprinting purposes, so I guess 
that's one reason.

The current tcpdump just drops privileges before pretty much anything 
is done.  Now looking at the code, maybe the privilege separation 
could be done even slightly earlier in the "pcap_open_live" branch, 
e.g., after pcap_open_live, but I haven't tested this.  I guess it 
depends on whether pcap_set_datalink, pcap_snapshot (this one might 
be dangerous with root!) or pcap_lookupnet requires root privileges.

This might be worth experimenting with.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
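An added example (not tcpdump's own code, nor the OpenBSD patch under discussion) of the drop-root step the message refers to, generalized to the check a practitioner would want: supplementary groups and the primary group are changed before setuid(), since only a root process may change them, and the drop is then verified by confirming that root cannot be regained. The function names drop_to_ids, privileges_irrevocably_dropped and drop_to_user are this example's own; the pcap_open_live() call site is shown only as a comment so the block compiles without libpcap. POSIX setuid semantics as on Linux or the BSDs are assumed.

```c
/* Added example, not tcpdump's code: drop root right after the
 * privileged capture setup (pcap_open_live() and friends) is done.
 * Function names are hypothetical; POSIX setuid() semantics assumed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>

/* Shed root and land on uid/gid.  Order matters: supplementary groups
 * and the primary group can only be changed while still root, so they
 * are set before setuid().  Returns 0 on success, -1 (errno set) on
 * failure. */
int drop_to_ids(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only a privileged process may change its supplementary
         * groups; an unprivileged one has nothing to shed here. */
        if (setgroups(1, &gid) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)      /* last: after this no further ID changes */
        return -1;
    /* Trust the return codes only as far as re-reading the IDs agrees. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* 1 if the process is no longer root and cannot become root again,
 * 0 otherwise.  Run right after drop_to_ids(); it catches the classic
 * mistake of dropping only the effective ID (seteuid()), which leaves
 * the saved set-user-ID at 0 and lets setuid(0) succeed. */
int privileges_irrevocably_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return 0;
    if (setuid(0) == 0 || setgid(0) == 0)
        return 0;              /* drop was incomplete: we got root back */
    return 1;
}

/* Resolve an account name and drop to it (hypothetical helper). */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) {
        errno = ENOENT;
        return -1;
    }
    return drop_to_ids(pw->pw_uid, pw->pw_gid);
}

int main(int argc, char **argv)
{
    /* In a capture tool this is the point where pcap_open_live() and
     * anything else that needs root has already completed. */
    int rc;
    if (argc > 1 && geteuid() == 0)
        rc = drop_to_user(argv[1]);            /* e.g. ./droproot nobody */
    else
        rc = drop_to_ids(getuid(), getgid());  /* already unprivileged */
    if (rc != 0) {
        perror("dropping privileges");
        return EXIT_FAILURE;
    }
    printf("uid=%u euid=%u gid=%u egid=%u irrevocable=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid(),
           privileges_irrevocably_dropped());
    return EXIT_SUCCESS;
}
```

Run as root with an account name to see a real drop; run unprivileged, it re-sets the process to its own IDs and reports irrevocable=1. Note that the verification step deliberately attempts setuid(0): if the drop had been done with seteuid() alone, that call would succeed and the process would be root again, so a real program should treat a 0 from privileges_irrevocably_dropped() as fatal rather than continue capturing.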
