On Wed, 23 Jun 2004, Matt Beaumont wrote: > I've written a little patch to drop all but the CAP_NET_ADMIN and > CAP_NET_RAW capabilities immediately if tcpdump is running with root > privileges. The idea is to limit the damage done by an exploit > against tcpdump. > > Some of the inspiration for this patch came from here: > <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html> > > This is the first patch I've ever submitted, so I'd love to hear some > feedback :)
Hi, Have you checked the code in the CVS? It already includes a "droproot" option. Yours is slightly different, though, as it uses (Linux-specific?) capabilities. I'm not sure if it's necessary when we already drop the root privileges. Please have a look. Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
