CVSROOT: /cvs
Module name: src
Changes by: bry...@cvs.openbsd.org 2018/11/17 09:52:02

Modified files:
    usr.sbin/tcpdump: privsep_pcap.c privsep.c

Log message:
tcpdump(8) monitor process privdrop

The privsep monitor process handles all privileged operations on behalf
of the unprivileged "packet parser" process. Once it enters its runtime
state, it only needs to:

* Perform DNS and other "numbers to names" lookups, sending results
  back over a pipe/socketpair.
* Display the final packet statistics on ^C.

We can finally now drop root privileges in this process as well, as bpf
BIOCGSTATS is still permitted by non-root on open descriptors after it
has been permanently locked with BIOCLOCK.

This provides some additional protection, to go along with the already
tight unveil(2) and pledge(2) restrictions. With this change tcpdump(8)
completely drops root privileges at runtime.

ok mestre@, deraadt@