tcpdump mailing list archives

privileges and 'C' -flag [Re: OpenBSD work on Tcpdump privilege separation]

From: Pekka Savola <pekkas () netcore fi>
Date: Wed, 25 Feb 2004 08:46:17 +0200 (EET)

On Tue, 24 Feb 2004, Michael Richardson wrote:

  And don't forget that -C permits rolling files, so one might have to
*recover* from chroot() to do that, and then become root again,
etc. Think about this for a moment.


This is a good point, one overlooked previously.

Is it OK, now, just by fixing the man page and/or adding some checks
that dropping privileges is incompatible with 'C' flag?

Or does someone want to start building somekind of real
privilege-separation framework?  I certainly won't be doing it :)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

Re: SIOCGIFCONF under Linux on Itanium in 32 bit compatibility mode, (continued)
- - - Re: SIOCGIFCONF under Linux on Itanium in 32 bit compatibility mode Guy Harris (Feb 27)
    - Re: OpenBSD work on Tcpdump privilege separation Guy Harris (Feb 22)
  - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 22)
    - Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Michael Richardson (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
    - privileges and 'C' -flag [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Hannes Gredler (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Hannes Gredler (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
    - chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 25)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Jefferson Ogata (Feb 25)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 25)

(Thread continues...)