Re: why doesn't tcpdump drop privileges?

[Andrew Pimlott <andrew () pimlott net>]

On Tue, Jan 20, 2004 at 06:31:08PM -0600, Earl Hood wrote:
> I think so.  I just a posted a patch for dropping priviledges in a
> similiar style that the RedHat port of tcpdump does.

This must be the RedHat that never sends their patches back
upstream.  :-/

(I didn't see your patch because I just subscribed.)

> By default,
> it fallsback to the pcap userid, but you can also explicitly specify
> which user via a command-line option.

I don't know what the pcap user is for on RedHat, but I don't see
why you would change to pcap instead of nobody.  nobody is
essentially by definition the least empowered user on the system, so
isn't that the natural choice?

> The default user to fallback on should probably be a configure
> setting, but I did not mess with the autoconf stuff.

Me neither.  ;-)  But the advantage of defaulting to nobody is that
it will "just work" on most systems, and thus make more people safe
than any scheme that requires explicit activation by a user or
administrator.  I don't mind a configure setting or command-line
option to override the default, of course.

I also agree (as I said in my other message) with supporting
security mechanisms other than unix userid on systems that have
them.  Changing userid is just an easy first step.

Andrew
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe