Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Oliver Fromme (olli_at_secnetix.de)
Date: Sat Jul 13 2002 - 12:31:27 CDT
FreeBSD Security Advisories <security-advisoriesfreebsd.org> wrote:
> IV. Workaround
> There is no workaround, other than not using tcpdump.
Well, you can at least set up the system in a way so you
don't have to run tcpdump as root: Create a special group,
chgrp /dev/bpf* to that group and make them group-readable
(writable is not required). Then add all users to that
group which should be allowed to use tcpdump.
An even better approach would be to create a pseudo user
(similar to the nobody user) which is a member of the
tcpdump group, and write a small wrapper script which
uses /usr/bin/su to call tcpdump as that pseudo-user.
Of course, that's only a quick workaround, not a solution.
It wouldn't close any potentially exploitable holes, but it
would make it a lot harder (maybe even impossible) for an
attacker to actually do any damage that way.
On a related matter: It would probably be a very good idea
for tcpdump to drop priviledges right after opening the BPF
-- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.
"All that we see or seem is just a dream within a dream" (E. A. Poe)
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message