-----BEGIN PGP SIGNED MESSAGE-----
In sandelman.project.tcpdump.workers, you wrote:
> - If root uses "tcpdump -Z nobody", he will not be able to read his own
> files with "-r" (my first patch had the same issue). I don't think
> this is desirable. He will also not be able to write his own files
> with "-w", and this problem existed in my patch as well. The simplest
> solution would seem to be doing the "-w" earlier, but I'm not sure.
> (This seems also to apply to -F, and perhaps something else I've
> missed in a quick scan of what happens after -Z is handled.)
And don't forget that -C permits rolling files, so one might have to
*recover* from chroot() to do that, and then become root again,
etc. Think about this for a moment.
It might be SIMPLER on many systems to just chown /dev/bpf* to the
right userid and run tcpdump, unpriveledged as that userid. I know not
every system can do that.
The right answer is that tcpdump needs to fork, drop priveledges in
the child, do all of the network I/O and printing there, and pipe
everything back to the parent for disk I/O.
That's a bigger project - making all the printing stuff into a library
is, in my opinion, the first step.
{In other news, I got the tcpdump-workers passphrase from Bill. I had to
recover the key itself from a damaged DOS file system on the USB key...}
Now, about 3.8.2/0.8.2!
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQDvNyYqHRg3pndX9AQHYAgQAm7+K7ql1J+Xj5Zo3ngYWdJcylfgduFZy
TmUS4Tp0cPSq90TMDDzQtQQSW6FieZGHujDMm65zBSWLGwHZ031xPzSqQ7B0Vobr
pG2aJyBDBPaOECdMVy63zh6ZAeyfKOZUrTdqfTACZJ4N7hzeC34PoodE37CC0oYQ
6tekR67o2zM=
=pg6g
-----END PGP SIGNATURE-----
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
