tcpdump mailing list archives

Re: why doesn't tcpdump drop privileges?


From: Earl Hood <earl () earlhood com>
Date: Tue, 20 Jan 2004 18:31:08 -0600

On January 20, 2004 at 17:40, Andrew Pimlott wrote:

> Every once in a while there is a security alert about tcpdump being
> hackable through one of the many protocol analyzers.  Couldn't these
> be prevented simply by unconditionally dropping privileges as soon
> as the interface is opened?
  [snip]

I think so.  I just posted a patch for dropping privileges in a
similar style to what the RedHat port of tcpdump does.  By default,
it falls back to the pcap userid, but you can also explicitly specify
which user via a command-line option.

The default user to fall back on should probably be a configure
setting, but I did not mess with the autoconf stuff.

--ewh
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
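
The privilege drop discussed in this message, as an added C example (it is not the posted patch, nor tcpdump's or Red Hat's code). The function name drop_privileges is hypothetical, argv[1] stands in for the command-line user option, and "pcap" is the fallback account the message mentions.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: switch permanently to `user`. Intended to be called
 * right after the capture interface is opened and before any packet is
 * handed to a protocol analyzer. Returns 0 on success, -1 on failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw = user ? getpwnam(user) : NULL;
    if (pw == NULL) {
        fprintf(stderr, "drop_privileges: unknown user\n");
        return -1;
    }
    if (pw->pw_uid == 0 || pw->pw_gid == 0) {
        fprintf(stderr, "drop_privileges: refusing uid/gid 0\n");
        return -1;
    }
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid has changed, the process may no longer change its groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0) {
        perror("drop_privileges");
        return -1;
    }
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
        fprintf(stderr, "drop_privileges: privileges not fully dropped\n");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed usage: the already-open capture descriptor would be
     * held at this point; it stays usable after the uid change. */
    const char *user = argc > 1 ? argv[1] : "pcap";
    if (drop_privileges(user) != 0)
        return 1;   /* fail closed: never parse packets as root */
    printf("now running as uid %d\n", (int)getuid());
    return 0;
}
```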

