On Wed, 21 Jan 2004, Andrew Pimlott wrote: > On Wed, Jan 21, 2004 at 08:05:27AM +0200, Pekka Savola wrote: > > As for why I went for "pcap" instead of nobody in the first place.. > > Red Hat bundles tcpdump with arpwatch, which I also coded to drop root > > privileges. Picking a specific user name for these two purposes > > seemed only logical. (Arpwatch has to maintain a couple of files owned > > by 'pcap' as well.) > > I agree that picking a new user for this purpose is a sound choice. > However, if this user owns files (especially ones that might be run > or otherwise used by root), it seems to defeat the purpose.
The file (arp.dat) required to be writable by arpwatch is not executable, so this is not a big worry. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
