On Sep 12, 2014, at 4:08 PM, Michael Richardson <m...@sandelman.ca> wrote:
> Michal Sekletar <msekl...@redhat.com> wrote:
>> In the future I'd like to see pktdump to implement an architecture
>> which would allow a user to run a packet dissector completely
>> unprivileged. Meaning, that *all* privileged operations are done by a
>> very tiny server program running on the side. We could then not
>> implement equivalent of -Z option and possibly hook up the pktdump with
>> an authentication mechanism like polkit or similar.
>
> How about:
>     sudo pktcap - | pktdump -
>
> (or some other setuid-gid-restricted goodness for pktcap. No clue if "pktcap"
> is an available name, or if someone has a better name.

"dumpcap" is already taken. :-)

Some have argued in favor of running dissection in a context with *reduced* privileges, so that it can't, for example, do file system I/O, create processes, etc., at least not after it's read any configuration etc. files it might have, with address-to-name resolution done in another process with sufficient privileges to read hosts files, talk to DNS servers, etc.

The intent is to protect against bugs that can be triggered by maliciously-crafted packets.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
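
The reduced-privilege dissection described in the message above, as an added example that is not part of the original thread or of tcpdump: a packet is handed over a pipe to a child process that locks itself down before touching it. It assumes Linux and uses seccomp strict mode as the mechanism (the thread names none); `dissect`, `dissect_sandboxed`, the `0xff` marker and the sample packets are hypothetical.

```c
#include <fcntl.h>
#include <linux/seccomp.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed samples: a bare IPv4 header (protocol 6) and a "bug trigger". */
const uint8_t SAMPLE_TCP[20] = {0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2};
const uint8_t SAMPLE_BAD[1]  = {0xff};

/* Stand-in dissector (hypothetical). A first byte of 0xff models a bug
 * reached by a crafted packet: the code attempts file system I/O. */
static int dissect(const uint8_t *p, ssize_t n)
{
    if (n > 0 && p[0] == 0xff)
        return open("/etc/hosts", O_RDONLY);  /* openat(): not permitted */
    if (n < 20 || (p[0] >> 4) != 4)
        return 255;                           /* not IPv4, or truncated */
    return p[9];                              /* IPv4 protocol field */
}

/* Hand one packet over a pipe to a child that dissects it under seccomp
 * strict mode (read, write, exit, sigreturn only). Returns the protocol
 * number, -signal if the kernel killed the child, or -1000 on setup error. */
int dissect_sandboxed(const uint8_t *pkt, size_t len)
{
    int in[2], out[2], status = 0;
    uint8_t res = 0, buf[2048];
    pid_t pid;
    if (pipe(in) < 0 || pipe(out) < 0 ||
        write(in[1], pkt, len) != (ssize_t)len || (pid = fork()) < 0)
        return -1000;
    if (pid == 0) {
        close(in[1]);  /* config files would be read here, before lockdown */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            syscall(SYS_exit, 2);
        res = (uint8_t)dissect(buf, read(in[0], buf, sizeof buf));
        syscall(SYS_exit, write(out[1], &res, 1) == 1 ? 0 : 3);
    }
    close(in[0]); close(in[1]); close(out[1]);
    waitpid(pid, &status, 0);
    ssize_t got = read(out[0], &res, 1);
    close(out[0]);
    if (WIFSIGNALED(status))
        return -WTERMSIG(status);
    return (got == 1 && WEXITSTATUS(status) == 0) ? res : -1000;
}
```

The child exits with the raw `exit` system call because glibc's `_exit()` issues `exit_group`, which strict mode does not allow.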