Hi *,
Going through the Debian bug reports on tcpdump I found this one:
On Mon, Mar 05, 2001 at 07:19:46PM -0600, Debian Bug Tracking System wrote:
>
> Debian Bug report logs - #81335
> tcpdump: tcpdump -w file should be mode 0600
> Date: Fri, 5 Jan 2001 21:45:20 +0100
> From: Marek Michalkiewicz <[EMAIL PROTECTED]>
> Subject: tcpdump: tcpdump -w file should be mode 0600
> To: [EMAIL PROTECTED]
>
> Package: tcpdump
> Version: 3.4a6-6
> Severity: wishlist
>
> The file created with the tcpdump -w option is mode 0644 by default.
> While it is possible to work around it (umask 077), I think the file should
> be created with mode 0600 unconditionally, as it might contain sensitive
> information (only root can sniff network traffic for the same reason).
>
> This is a feature request, but may be considered a security hole too...
What do you think? I wanted to attach a simple patch but since fopen is
used for opening the file and since there is a Windows port of libpcap
it is not quite that easy. One could as well invoke umask in tcpdump's
main if available.
Comments?
Thanks
Torsten