On Sun, Feb 22, 2004 at 09:36:33AM +0200, Pekka Savola wrote:
> The current tcpdump just drops privileges before pretty much anything
> is done. Now looking at the code, maybe the privilege separation
> could be done even slightly earlier in the "pcap_open_live" branch,
> e.g., after pcap_open_live, but I haven't tested this. I guess it
> depends on whether pcap_set_datalink, pcap_snapshot (this one might
> be dangerous with root!) or pcap_lookupnet requires root privileges.
"pcap_set_datalink()" doesn't, at least on the BSDs, require root privileges; the ioctl either isn't present (in which case you can't set the data link type) or is unprivileged.

Given that "pcap_snapshot()" just returns "p->snapshot", which is set from the argument supplied to "pcap_open_live()" and from the capture file header by "pcap_open_offline()", I'm not sure why it'd be dangerous with root or why it'd require root privileges.

"pcap_lookupnet()", however, might well require extended privileges on some OSes, in order to fetch the netmask for a given adapter.

However, on BSDs, even "pcap_open_live()" doesn't necessarily require root privileges! It doesn't require them on my machines:

% ls -l /dev/bpf*
crw-------  1 guy  wheel   23,   0 Jun  9  2002 /dev/bpf0
crw-------  1 guy  wheel   23,   1 Jun  9  2002 /dev/bpf1

which means that I just run tcpdump - and Ethereal - as myself, and they don't have any privileges to drop.

-
This is the TCPDUMP workers list.
It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
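An added example, not code from either message above and not tcpdump's own code, of the step the thread is discussing: dropping privileges as soon as the capture handle exists and then proving the drop cannot be undone. It shows the order any correct drop has to follow (setgroups() and setgid() while still root, setuid() last) and a check that re-escalation fails afterwards, which is the property that makes it safe to run the remaining pcap calls unprivileged. The libpcap calls themselves are not compiled in so the program builds without libpcap; comments mark where pcap_open_live() and the later calls would sit. The default user name "nobody" and the helper names drop_privileges()/privileges_dropped() are assumptions.

```c
#define _DEFAULT_SOURCE 1   /* setgroups() and seteuid() prototypes on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Example helper (assumed name, not from tcpdump).  Drop to uid/gid
 * irrevocably.  Order matters: setgroups() and setgid() are privileged,
 * so they must run while we are still root, and setuid() comes last
 * because once the uid is gone the gids can no longer be changed.
 * Returns 0 on success, -1 with errno set on failure. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) == -1)
        return -1;          /* only root may reset the supplementary list */
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;
    return 0;
}

/* Returns 1 if the process is confined to uid/gid and, for a non-root
 * target, cannot regain root (i.e. the saved uid was cleared as well);
 * 0 if any id is wrong or a re-escalation attempt succeeds. */
static int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return 0;           /* the drop leaked: root is still reachable */
    return 1;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";   /* assumed default */
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (geteuid() == 0) {
        struct passwd *pw = getpwnam(user);
        if (pw == NULL) {
            fprintf(stderr, "no such user: %s\n", user);
            return 1;
        }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }

    /* A capture tool would call pcap_open_live() here, while still
     * privileged.  The open descriptor survives the drop, so everything
     * after this point, pcap_set_datalink() and the capture loop
     * included, runs as `user`.  On a BSD where /dev/bpf* is owned by the
     * user, even the open is unprivileged and there is nothing to drop. */
    if (drop_privileges(uid, gid) == -1) {
        perror("drop_privileges");
        return 1;
    }
    if (!privileges_dropped(uid, gid)) {
        fprintf(stderr, "privilege drop incomplete; refusing to continue\n");
        return 1;
    }
    if (uid == 0)
        printf("still root: nothing was dropped\n");
    else
        printf("running as uid %ld gid %ld; root cannot be regained\n",
               (long)getuid(), (long)getgid());
    return 0;
}
```

Run it as root with a user name argument to see the drop happen; run it as yourself and it reduces to the BSD case above, where the ids already match and the check only confirms that root is unreachable. The refusal when privileges_dropped() fails is the point: a capture tool that keeps going after a partial drop is running with more than it believes it has.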