tcpdump mailing list archives
Re: OpenBSD work on Tcpdump privilege separation
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Tue, 24 Feb 2004 17:18:51 -0500
-----BEGIN PGP SIGNED MESSAGE----- In sandelman.project.tcpdump.workers, you wrote:
- If root uses "tcpdump -Z nobody", he will not be able to read his own files with "-r" (my first patch had the same issue). I don't think this is desirable. He will also not be able to write his own files with "-w", and this problem existed in my patch as well. The simplest solution would seem to be doing the "-w" earlier, but I'm not sure. (This seems also to apply to -F, and perhaps something else I've missed in a quick scan of what happens after -Z is handled.)
And don't forget that -C permits rolling files, so one might have to *recover* from chroot() to do that, and then become root again, etc. Think about this for a moment. It might be SIMPLER on many systems to just chown /dev/bpf* to the right userid and run tcpdump, unpriveledged as that userid. I know not every system can do that. The right answer is that tcpdump needs to fork, drop priveledges in the child, do all of the network I/O and printing there, and pipe everything back to the parent for disk I/O. That's a bigger project - making all the printing stuff into a library is, in my opinion, the first step. {In other news, I got the tcpdump-workers passphrase from Bill. I had to recover the key itself from a damaged DOS file system on the USB key...} Now, about 3.8.2/0.8.2! - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQDvNyYqHRg3pndX9AQHYAgQAm7+K7ql1J+Xj5Zo3ngYWdJcylfgduFZy TmUS4Tp0cPSq90TMDDzQtQQSW6FieZGHujDMm65zBSWLGwHZ031xPzSqQ7B0Vobr pG2aJyBDBPaOECdMVy63zh6ZAeyfKOZUrTdqfTACZJ4N7hzeC34PoodE37CC0oYQ 6tekR67o2zM= =pg6g -----END PGP SIGNATURE----- - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Re: SIOCGIFCONF under Linux on Itanium in 32 bit compatibility mode, (continued)
- Re: SIOCGIFCONF under Linux on Itanium in 32 bit compatibility mode Guy Harris (Feb 22)
- Re: SIOCGIFCONF under Linux on Itanium in 32 bit compatibility mode Shaun (Feb 22)
- Re: SIOCGIFCONF under Linux on Itanium in 32 bit compatibility mode Guy Harris (Feb 27)
- Re: OpenBSD work on Tcpdump privilege separation Guy Harris (Feb 22)
- Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 22)
- Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 23)
- Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
- Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 23)
- Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
- Re: OpenBSD work on Tcpdump privilege separation Michael Richardson (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
- privileges and 'C' -flag [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Hannes Gredler (Feb 23)
- Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
- Re: OpenBSD work on Tcpdump privilege separation Hannes Gredler (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 24)
- Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
- chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 25)