From owner-freebsd-security Sun Jul 14 15:05:32 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF96F37B400; Sun, 14 Jul 2002 15:05:29 -0700 (PDT)
Received: from lurza.secnetix.de (lurza.secnetix.de [212.66.1.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93D2743E4A; Sun, 14 Jul 2002 15:05:28 -0700 (PDT) (envelope-from olli@lurza.secnetix.de)
Received: (from olli@localhost) by lurza.secnetix.de (8.11.6/8.11.6) id g6EM5P541393; Mon, 15 Jul 2002 00:05:25 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de)
Date: Mon, 15 Jul 2002 00:05:25 +0200 (CEST)
Message-Id: <200207142205.g6EM5P541393@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-security@FreeBSD.ORG, "Crist J. Clark"
Reply-To: freebsd-security@FreeBSD.ORG, "Crist J. Clark"
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:29.tcpdump
In-Reply-To: <20020714085734.GD56656@blossom.cjclark.org>
X-Newsgroups: list.freebsd-security
User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.5-RELEASE (i386))
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Crist J. Clark wrote:
> On Sat, Jul 13, 2002 at 07:31:27PM +0200, Oliver Fromme wrote:
> > [...]
> tcpdump(8) can still be exploited to run arbitrary code as that user.

That's what I wrote.

> [...]
> It's not really a workaround, it just mitigates the potential for
> damage should the bug be exploited.

Again, I wrote exactly that (in the part of my mail that you did not quote).

> > On a related matter: It would probably be a very good idea
> > for tcpdump to drop privileges right after opening the BPF
> > device.
>
> tcpdump(8) never has elevated privileges.

Not through s-bits, but ...

> It just runs as whoever
> executes it.

... which is usually root because of the default permissions of the /dev/bpf* devices. That's the problem.

> As you say, the way to run it at lower privileges is to
> give a less privileged user read access to the bpf(4) devices.

Or let tcpdump drop its root privileges after opening the devices. That would be similar to what openssh does when privilege separation is enabled. Or what BIND does when running it with the -u option. I think a _lot_ more software should take precautions like that, and there is no reason to exclude tcpdump.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.
"All that we see or seem is just a dream within a dream" (E. A. Poe)
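The pattern Oliver proposes above, opening the BPF device while still root and then giving up root for the rest of the run, as an added C example that is not part of the thread and not tcpdump's own code. The device path `/dev/bpf0` and the target account `nobody` are assumptions for the demo; the important part is the ordering inside `drop_privileges()` (groups and gid first, uid last, then a check that root cannot be regained) and that the already-open descriptor stays usable because the permission check happens at open time:

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups() in <grp.h> */
#include <sys/types.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Permanently drop to uid/gid. Order matters: supplementary groups and the
 * gid must be changed while we are still root, because after setuid() we can
 * no longer touch them. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                       /* stale supplementary groups would survive the drop */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: with no saved root uid left, regaining
     * uid 0 has to fail. A successful setuid(0) here means the drop was partial. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Open the capture device while still privileged, then drop. The descriptor
 * remains valid afterwards: access is checked by open(2), not by each read(2).
 * Returns the descriptor or -1. */
int open_capture_then_drop(const char *device, uid_t uid, gid_t gid)
{
    int fd = open(device, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {
        close(fd);
        return -1;                       /* never keep running half-privileged */
    }
    return fd;
}

int main(void)
{
    /* Assumptions for the demo: a FreeBSD bpf node and an unprivileged
     * "nobody" account. Both are placeholders, not values from the thread. */
    const char *device = "/dev/bpf0";
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL) {
        fprintf(stderr, "no 'nobody' account to drop to\n");
        return EXIT_FAILURE;
    }
    int fd = open_capture_then_drop(device, pw->pw_uid, pw->pw_gid);
    if (fd < 0) {
        perror("open_capture_then_drop");
        return EXIT_FAILURE;
    }
    printf("capturing on %s as uid %u (root dropped)\n", device, (unsigned)geteuid());
    close(fd);
    return EXIT_SUCCESS;
}
```

Run as root on a system with a `/dev/bpf0` node; as an unprivileged user the open fails with the default device permissions the message describes. The final `setuid(0)` probe is the check that distinguishes a real drop from a temporary one (a saved root uid would let a later exploit call `setuid(0)` again). Later tcpdump releases added a `-Z user` option that does this drop after the capture device is opened.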