On January 20, 2004 at 17:40, Andrew Pimlott wrote: > Every once in a while there is a security alert about tcpdump being > hackable through one of the many protocol analyzers. Couldn't these > be prevented simply by unconditionally dropping privileges as soon > as the interface is opened? [snip]
I think so. I just a posted a patch for dropping priviledges in a similiar style that the RedHat port of tcpdump does. By default, it fallsback to the pcap userid, but you can also explicitly specify which user via a command-line option. The default user to fallback on should probably be a configure setting, but I did not mess with the autoconf stuff. --ewh - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
