tcpdump mailing list archives
Re: tcpdump and libpcap releases, and future thoughts
From: Guy Harris <guy () alum mit edu>
Date: Fri, 12 Sep 2014 16:19:16 -0700
On Sep 12, 2014, at 4:08 PM, Michael Richardson <mcr () sandelman ca> wrote:
Michal Sekletar <msekleta () redhat com> wrote:In the future I'd like to see pktdump to implement an architecture which would allow a user to run a packet dissector completely unprivileged. Meaning, that *all* privileged operations are done by a very tiny server program running on the side. We could then not implement equivalent of -Z option and possibly hook up the pktdump with an authentication mechanism like polkit or similar.How about: sudo pktcap - | pktdump - (or some other setuid-gid-restricted goodness for pktcap. No clue if "pktcap" is an available name, or if someone has a better name.
"dumpcap" is already taken. :-) Some have argued in favor of running dissection in a context with *reduced* privileges, so that it can't, for example, do file system I/O, create processes, etc., at least not after it's ready any configuration etc. files it might have, with address-to-name resolution done in another process with sufficient privileges to read hosts files, talk to DNS servers, etc.. The intent is to protect against bugs that can be triggered by maliciously-crafted packets. _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- tcpdump and libpcap releases, and future thoughts Michael Richardson (Sep 03)
- Re: tcpdump and libpcap releases, and future thoughts Guy Harris (Sep 03)
- Re: tcpdump and libpcap releases, and future thoughts Michael Richardson (Sep 03)
- Re: tcpdump and libpcap releases, and future thoughts Guy Harris (Sep 03)
- Re: tcpdump and libpcap releases, and future thoughts Michael Richardson (Sep 03)
- Re: tcpdump and libpcap releases, and future thoughts Denis Ovsienko (Sep 06)
- Re: tcpdump and libpcap releases, and future thoughts Michal Sekletar (Sep 08)
- Re: tcpdump and libpcap releases, and future thoughts Michael Richardson (Sep 12)
- Re: tcpdump and libpcap releases, and future thoughts Guy Harris (Sep 12)
- Re: tcpdump and libpcap releases, and future thoughts Denis Ovsienko (Sep 13)
- Re: tcpdump and libpcap releases, and future thoughts Michael Richardson (Sep 12)
- Re: tcpdump and libpcap releases, and future thoughts Guy Harris (Sep 03)