Re: [PATCH] Drop unneeded capabilities

[Jefferson Ogata <Jefferson.Ogata () noaa gov>]

Pekka Savola wrote:
> On Wed, 23 Jun 2004, Matt Beaumont wrote:
> > I've written a little patch to drop all but the CAP_NET_ADMIN and
> > CAP_NET_RAW capabilities immediately if tcpdump is running with root
> > privileges.  The idea is to limit the damage done by an exploit
> > against tcpdump.
> >
> > Some of the inspiration for this patch came from here:
> > <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html>
> >
> > This is the first patch I've ever submitted, so I'd love to hear some
> > feedback :)
>
> Have you checked the code in the CVS?  It already includes a 
> "droproot" option.
>
> Yours is slightly different, though, as it uses (Linux-specific?) 
> capabilities.  I'm not sure if it's necessary when we already drop the 
> root privileges.

Capabilities are a much better approach than simply dropping root. Dropping 
capabilities can restrict the process far more than simply having it run as a 
regular user. While it's true that some OSes are sorely behind the times and 
don't support capabilities, it's still useful to have the infrastructure in 
place for the modern ones that do.

--
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.