tcpdump mailing list archives

Re: OpenBSD work on Tcpdump privilege separation


From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Tue, 24 Feb 2004 17:18:51 -0500


In sandelman.project.tcpdump.workers, you wrote:
- If root uses "tcpdump -Z nobody", he will not be able to read his own
  files with "-r" (my first patch had the same issue).  I don't think
  this is desirable.  He will also not be able to write his own files
  with "-w", and this problem existed in my patch as well.  The simplest
  solution would seem to be doing the "-w" earlier, but I'm not sure.
  (This seems also to apply to -F, and perhaps something else I've
  missed in a quick scan of what happens after -Z is handled.)

  And don't forget that -C permits rolling files, so one might have to
*recover* from chroot() to do that, and then become root again,
etc. Think about this for a moment. 

  It might be SIMPLER on many systems to just chown /dev/bpf* to the
right userid and run tcpdump, unprivileged, as that userid. I know not
every system can do that.

  The right answer is that tcpdump needs to fork, drop privileges in
the child, do all of the network I/O and printing there, and pipe
everything back to the parent for disk I/O.

  That's a bigger project - making all the printing stuff into a library
is, in my opinion, the first step.

  {In other news, I got the tcpdump-workers passphrase from Bill. I had to
recover the key itself from a damaged DOS file system on the USB key...}

  Now, about 3.8.2/0.8.2!

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
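The fork / drop-privileges / pipe-back design argued for in the message above, as an added example that is not tcpdump's code or the poster's. The unprivileged user ("nobody", falling back to uid/gid 65534) and the two sample "packets" are constructed for the demonstration; the parent keeps its own credentials so it alone writes the output file.

```c
#define _DEFAULT_SOURCE           /* for setgroups() on glibc */
#include <stdio.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sys/wait.h>

/* Drop to an unprivileged user (assumed: "nobody", else uid/gid 65534).
 * Returns 0 on success, -1 if we were root and could not fully drop. */
static int drop_privileges(void)
{
    if (geteuid() != 0) return 0;       /* not root: nothing to drop */
    struct passwd *pw = getpwnam("nobody");
    uid_t uid = pw ? pw->pw_uid : 65534;
    gid_t gid = pw ? pw->pw_gid : 65534;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;     /* regaining root must fail */
}

/* Child: the "packet printer". The constructed sample stands in for decoded
 * packets; its text goes up the pipe and never touches the disk. */
static void child_print(int out_fd)
{
    static const char *pkts[] = { "10.0.0.1 > 10.0.0.2: 64 bytes",
                                  "10.0.0.2 > 10.0.0.1: 64 bytes" };
    FILE *out = fdopen(out_fd, "w");
    if (drop_privileges() != 0 || out == NULL) _exit(1);
    for (size_t i = 0; i < sizeof pkts / sizeof *pkts; i++)
        fprintf(out, "%s\n", pkts[i]);
    fclose(out);
    _exit(0);
}

/* Parent: fork, keep its own credentials, copy the child's output from the
 * pipe into `path`. Returns bytes written, or -1 on any failure. */
long privsep_capture(const char *path)
{
    int fds[2], status; pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) { close(fds[0]); child_print(fds[1]); }
    close(fds[1]);
    FILE *f = fopen(path, "w");
    char buf[256]; ssize_t n; long total = 0;
    while (f && (n = read(fds[0], buf, sizeof buf)) > 0)
        total += (long)fwrite(buf, 1, (size_t)n, f);
    close(fds[0]);
    if (f) fclose(f);
    if (waitpid(pid, &status, 0) < 0 || !f) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? total : -1;
}
```

Because only the parent holds the output file, a rotation scheme like -C would live entirely on the parent side of the pipe, with no need to regain privileges in the child.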