From owner-freebsd-hackers Tue Jun 12 18:55:52 2001
Date: Tue, 12 Jun 2001 20:55:48 -0500 (CDT)
From: Mike Silbersack
To: Robert Watson
Cc: ,
Subject: Re: [PATCH] Limited BPF to the specified program
In-Reply-To:
Message-ID: <20010612204504.S18144-100000@achilles.silby.com>

On Tue, 12 Jun 2001, Robert Watson wrote:

> One of the things I actually played with implementing in the past was in
> effect an "ACL" of allowed BPF programs by-uid. When a BPF program was
> bound to an interface, the bpfilter code would hash by uid, then do a
> rather expensive walk down a list of "acceptable filters" and see if the
> program matched. This meant that you could, for example, allow specific
> users to monitor specific types of packets (such as a specific port).
> Since there isn't really a canonical form other than the de facto form
> libpcap generates bpf code in, there are some limits to this, but it
> worked fairly well. I didn't attempt to deal with the "which interfaces
> can they bind" issue, however. I can see if I can dig up the code, or
> it's fairly easy to replicate if not.

That'd be an excellent feature, perhaps it could be used to make dhclient /
others non-root in the future. It's probably overkill for the issue at
hand, though.
I get the impression that the patch in question was meant to ensure that a
rooted box couldn't be used for sniffing (without a new kernel.)

Of course, if you have the appropriate filter already sitting around, maybe
you could wrap it in an #ifdef and put out the patch for testing. :)

Mike "Silby" Silbersack
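The per-uid "ACL of allowed BPF programs" that Robert Watson describes above, sketched as an added example in C. This is not his code or anything from the FreeBSD tree: it defines its own copy of the classic BPF instruction layout so it builds without <net/bpf.h>, uses a constructed filter program in the shape libpcap emits for an Ethernet "ip and udp" expression, assumes a hypothetical unprivileged dhclient uid of 65, and replaces the hash-by-uid with a linear scan of the table. The check is an exact match on the instruction encoding, which is precisely the "no canonical form" limit the quoted message points out: a program that accepts the same packets but is encoded differently is refused.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/*
 * Classic BPF instruction layout (code, jt, jf, k). Defined locally so the
 * example builds without <net/bpf.h> or libpcap; it mirrors struct bpf_insn.
 */
struct bpf_insn {
	uint16_t code;
	uint8_t  jt;
	uint8_t  jf;
	uint32_t k;
};

/* Classic BPF opcodes used by the constructed filter below. */
#define OP_LDH_ABS 0x28	/* A = 16-bit word at packet offset k */
#define OP_LDB_ABS 0x30	/* A = byte at packet offset k */
#define OP_JEQ_K   0x15	/* if (A == k) pc += jt else pc += jf */
#define OP_RET_K   0x06	/* accept k bytes of the packet (0 = drop) */

/*
 * Constructed program in the shape libpcap emits for an Ethernet
 * "ip and udp" filter: ethertype 0x0800, then IP protocol 17.
 */
static const struct bpf_insn ip_udp_prog[] = {
	{ OP_LDH_ABS, 0, 0, 12     },	/* ldh [12]          ethertype   */
	{ OP_JEQ_K,   0, 3, 0x0800 },	/* jeq #0x800  jt 2 jf 5         */
	{ OP_LDB_ABS, 0, 0, 23     },	/* ldb [23]          IP protocol */
	{ OP_JEQ_K,   0, 1, 17     },	/* jeq #0x11   jt 4 jf 5         */
	{ OP_RET_K,   0, 0, 65535  },	/* ret #65535        accept      */
	{ OP_RET_K,   0, 0, 0      },	/* ret #0            drop        */
};

/* One ACL entry: a uid and one BPF program it is allowed to attach. */
struct bpf_acl_entry {
	uid_t uid;
	const struct bpf_insn *prog;
	size_t len;
};

#define DHCP_UID ((uid_t)65)	/* hypothetical unprivileged dhclient uid */

static const struct bpf_acl_entry bpf_acl[] = {
	{ DHCP_UID, ip_udp_prog, sizeof(ip_udp_prog) / sizeof(ip_udp_prog[0]) },
};

static bool insn_equal(const struct bpf_insn *a, const struct bpf_insn *b)
{
	return a->code == b->code && a->jt == b->jt &&
	       a->jf == b->jf && a->k == b->k;
}

/*
 * Return the index of the ACL entry that permits uid to attach prog, or -1.
 * Exact match on the encoding: a semantically equivalent but differently
 * encoded program is rejected. Interface binding is not considered here,
 * just as in the quoted description. A real table would hash by uid first.
 */
int bpf_acl_check(uid_t uid, const struct bpf_insn *prog, size_t len)
{
	size_t n = sizeof(bpf_acl) / sizeof(bpf_acl[0]);

	if (prog == NULL || len == 0)
		return -1;
	for (size_t i = 0; i < n; i++) {
		const struct bpf_acl_entry *e = &bpf_acl[i];
		size_t j;

		if (e->uid != uid || e->len != len)
			continue;
		for (j = 0; j < len && insn_equal(&e->prog[j], &prog[j]); j++)
			;
		if (j == len)
			return (int)i;
	}
	return -1;
}

int main(void)
{
	struct bpf_insn tweaked[6];
	size_t n = sizeof(ip_udp_prog) / sizeof(ip_udp_prog[0]);

	memcpy(tweaked, ip_udp_prog, sizeof(tweaked));
	tweaked[3].k = 6;	/* same shape, but now matches TCP, not UDP */

	printf("dhcp uid, allowed program:  %d\n", bpf_acl_check(DHCP_UID, ip_udp_prog, n));
	printf("dhcp uid, altered program:  %d\n", bpf_acl_check(DHCP_UID, tweaked, n));
	printf("other uid, allowed program: %d\n", bpf_acl_check(1000, ip_udp_prog, n));
	return 0;
}
```

Because the match is byte-exact, the allow-list has to be generated with the same libpcap the users will run (for example by dumping the compiled program for the agreed expression), and any change of expression, link type or libpcap version means regenerating the entries.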