From owner-freebsd-questions Thu Dec 3 10:18:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA03722 for freebsd-questions-outgoing; Thu, 3 Dec 1998 10:18:47 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA03667 for ; Thu, 3 Dec 1998 10:18:24 -0800 (PST) (envelope-from ben@scientia.demon.co.uk) Received: from ben by scientia.demon.co.uk with local (Exim 2.054 #3) id 0zlc7D-00057b-00; Thu, 3 Dec 1998 17:00:31 +0000 Date: Thu, 3 Dec 1998 17:00:31 +0000 From: Ben Smithurst To: Roman Katsnelson Cc: "q's" Subject: Re: sniffer Message-ID: <19981203170031.A19682@scientia.demon.co.uk> References: <36657AD5.1F79504B@atlas-design.net> <19981202200327.C366@scientia.demon.co.uk> <3665A44D.C8DDB6A@atlas-design.net> <19981202204128.A1283@scientia.demon.co.uk> <3665B2AC.505ECA28@atlas-design.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <3665B2AC.505ECA28@atlas-design.net> User-Agent: Mutt/0.94.17i (FreeBSD/3.0-CURRENT) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Roman Katsnelson wrote: > Reasons exist for us to have it running over web; with a CGI shell > script running it. Which httpd doesn't run as root; which means I'd need > to setuid it. I can see it being a slight privacy nuisance but would it > be a real security hazard? If the machine is only a web server, and the CGI script is careful with what it sniffs, it might not be too bad. If however you have normal users, I wouldn't want those running it. You could also make it mode 4550, with the group as whichever group your web server runs as ("www" for example), this would prevent normal users running it. -- Ben Smithurst ben@scientia.demon.co.uk send a blank message to ben+pgp@scientia.demon.co.uk for PGP key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message