OK I have put together instructions for compiling ethereal 0.10.14 on
-current/3.8.
In the included patch I have added code to ethereal and tethereal to
call setuid(uid_t nobody) after the capture device has been opened.
So once a capture has been made, the dissectors won't be running with
root privs.
Now I understand this is not full privsep in the manner done in
tcpdump(1), and npt, however I am currently working on that, and hopefully
can have a port ready for testing shortly.
Here is an example session.
# ethereal
^Z[1] + Suspended ethereal
# bg
[1] ethereal
!CAPTURE STARTED HERE FROM GUI
# ps auxwww|grep ethereal
root 25479 3.7 4.9 17672 25536 p0 S 12:08AM 0:01.27 ethereal
nobody 13239 3.1 3.9 4792 20152 p0 S 12:09AM 0:00.33 ethereal-capture -i em0 -f not (tcp port 31944 and ip host 192.168.0.34 and tcp port 22 and ip host 192.168.0.200) (ethereal)
# ps auxwww|grep ethereal
root 25479 1.9 4.9 17680 25544 p0 S 12:08AM 0:01.44 ethereal
nobody 13239 0.6 3.9 4792 20152 p0 S 12:09AM 0:00.33 ethereal-capture -i em0 -f not (tcp port 31944 and ip host 192.168.0.34 and tcp port 22 and ip host 192.168.0.200) (ethereal)
!CAPTURE STOPPED AND DECODING OF CAPTURE TRACE BEGUN
# ps auxwww|grep ethereal
nobody 25479 4.4 5.5 30584 28668 p0 S 12:08AM 0:02.44 ethereal
Now this I have been told can be broken out of, and is not as secure as
true privsep.
But I would like to think it buys me more than just running it with
constant full root privs.
Flames and comments welcome.
And finally, the URL:
http://www.linbsd.org/ethereal_on_openbsd38.html
-Ober
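An added illustration of the privilege-drop step described above; this is not code from the post or from the ethereal port. It goes beyond the single setuid() call in the patch: after the capture device has been opened as root, it clears supplementary groups, sets the gid, sets real, effective and saved uid together, and then verifies that root cannot be regained (the incomplete-drop case the post's "can be broken out of" remark alludes to). The "nobody" lookup and the 65534 fallback id are assumptions, not values from the post.

```c
#define _GNU_SOURCE          /* glibc: expose setresuid/setresgid */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

#define FALLBACK_NOBODY_ID 65534   /* constructed fallback if "nobody" is absent */

/* Look up the uid/gid of "nobody"; falls back to the constructed id above. */
static void lookup_nobody(uid_t *uid, gid_t *gid) {
    struct passwd *pw = getpwnam("nobody");
    *uid = pw ? pw->pw_uid : (uid_t)FALLBACK_NOBODY_ID;
    *gid = pw ? pw->pw_gid : (gid_t)FALLBACK_NOBODY_ID;
}

/*
 * Permanently drop root once the privileged step (opening the capture
 * device) is done.  Order matters: supplementary groups and gid are set
 * first, while still root; then real, effective and saved uid are set
 * together so no saved root uid remains to switch back to.
 * Returns 0 only if the drop is complete and verified, -1 otherwise.
 */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;          /* requires root */
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    /* Verify: an attempt to become root again must fail with EPERM. */
    if (setuid(0) == 0 || errno != EPERM) return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid) return -1;
    return 0;
}

int main(void) {
    uid_t uid; gid_t gid;
    /* ... open the capture device here, while still root ... */
    lookup_nobody(&uid, &gid);
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("dissecting as uid %u; root cannot be regained\n", (unsigned)getuid());
    return 0;
}
```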