tcpdump mailing list archives

chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation]

From: Pekka Savola <pekkas () netcore fi>
Date: Wed, 25 Feb 2004 09:58:52 +0200 (EET)

Hi,

This is my view on how chroot should be done (note: I haven't bothered 
to add a cmd-line argument, if you think that should be added, it's 
trivial), and the trivial setuid patch as well.

This doesn't try to automatically create directories or whatever, but 
relies on the compile time option (e.g. /var/empty) but is IMHO better 
in some sense.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Attachment: tcpdump-setuid.patch
Description:

Attachment: tcpdump-chroot.patch
Description:

Current thread:

Re: OpenBSD work on Tcpdump privilege separation, (continued)
- - - Re: OpenBSD work on Tcpdump privilege separation Michael Richardson (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
    - privileges and 'C' -flag [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Hannes Gredler (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 23)
    - Re: OpenBSD work on Tcpdump privilege separation Hannes Gredler (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Andrew Pimlott (Feb 24)
    - Re: OpenBSD work on Tcpdump privilege separation Jefferson Ogata (Feb 24)
    - chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 25)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Jefferson Ogata (Feb 25)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 25)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Hannes Gredler (Feb 25)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Andrew Pimlott (Feb 26)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Pekka Savola (Feb 26)
    - Re: chroot and setuid [Re: OpenBSD work on Tcpdump privilege separation] Andrew Pimlott (Feb 26)
    - Re: OpenBSD work on Tcpdump privilege separation Rodrigo Rubira Branco (Feb 25)
    - Re: OpenBSD work on Tcpdump privilege separation Pekka Savola (Feb 25)
    - Re: OpenBSD work on Tcpdump privilege separation - OFFTOPIC Rodrigo Rubira Branco (Feb 25)
    - Re: OpenBSD work on Tcpdump privilege separation - OFFTOPIC Pekka Savola (Feb 25)