tcpdump mailing list archives
Re: why doesn't tcpdump drop privileges?
From: Ryan Mooney <ryan () pcslink com>
Date: Wed, 21 Jan 2004 07:44:51 -1000
Not really comments on the specific patch, or its applicability to the issue at hand. I'm a strong believer in defense in depth. Does a trench outside the wall stop all the attackers? No, but it does slow them down, and gives you a chance to regroup. Dropping privileges from root stops a wide range of script-kiddy-type attacks from causing much, much more damage than they would otherwise. If you really don't believe in this, tell us where you run your web server and justify why it's running as root :) I agree that this does not stop a determined and resourceful hacker; it will however slow them down and possibly encourage them to seek a softer target. The primary source of most attacks I've seen lately is script kiddies, and if tcpdump were running as an unprivileged user it would limit the spread of damage on many systems (they would at least have to try a little). Just my $0.02.
The big difference here was between "user not on my system" and "user running arbitrary code on my system". What user the code is running as once you get to that point is relatively unimportant, and on most systems it won't take the user long to get root. Yes, if you have a well configured and patched system, and practice good sysadmin hygiene, the separation will be strong, but I'm talking about the majority of systems. And even if you keep the user from getting root, most intruders are quite happy to get a user shell -- they don't need root to set up an IRC bot or use your box as a springboard to attack someone else. That's why, *practically* speaking, the difference between root and joe user is not that big when it comes to intrusions: what we want is to keep the potential intruder *off* the system, period.
--
-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
Ryan Mooney ryan () pcslink com
-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<

- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
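The thread argues about whether tcpdump should drop root after opening the capture device. The following is an added example of what that drop looks like in C; it is not tcpdump's code or anything from the thread, and the "nobody" account it falls back to is an assumed placeholder. It shows the two things that most often go wrong in practice: the order of the calls (supplementary groups, then gid, then uid, since a non-root process can no longer change its groups) and the verification afterwards that the credentials really changed and root cannot be regained.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop privileges to the given uid/gid.
 * Returns 0 on success and -1 on failure (errno is set). This is an
 * added illustration, not tcpdump's own privilege-dropping routine. */
int drop_privileges(uid_t uid, gid_t gid)
{
    int was_root = (geteuid() == 0);

    /* Supplementary groups first: only root may call setgroups(), and
     * forgetting them leaves the process in groups such as "wheel". */
    if (was_root && setgroups(0, NULL) != 0)
        return -1;

    /* Then the gid, while we are still root and allowed to change it. */
    if (setgid(gid) != 0)
        return -1;

    /* Finally the uid. For a root process setuid() sets the real,
     * effective and saved uid, so the change is irreversible. */
    if (setuid(uid) != 0)
        return -1;

    /* Never trust the return values alone: confirm the credentials. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }

    /* If we started as root, the drop is only useful if it cannot be
     * undone: regaining uid 0 must now fail. */
    if (was_root && uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (geteuid() == 0) {
        /* Started as root: drop to an unprivileged account. "nobody" is an
         * assumed placeholder; a real tool would make this configurable. */
        struct passwd *pw = getpwnam("nobody");
        if (pw == NULL) {
            fprintf(stderr, "no such user: nobody\n");
            return 1;
        }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }

    /* In a capture tool this call belongs right after the capture
     * device has been opened, before any packet is parsed. */
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid=%ld gid=%ld\n",
           (long)getuid(), (long)getgid());
    return 0;
}
```

Run as an ordinary user the program is a no-op drop to its own ids, which is still a useful check that the verification logic accepts a correct state; run as root it ends up as "nobody" and the trailing setuid(0) probe confirms the drop cannot be reversed.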