From owner-freebsd-security@FreeBSD.ORG Fri Aug 27 08:48:05 2010
To: freebsd-security@freebsd.org
From: Vadim Goncharov
Date: Fri, 27 Aug 2010 08:32:50 +0000 (UTC)
Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel
Subject: tcpdump -z
Reply-To: vadim_nuclight@mail.ru
List-Id: "Security issues [members-only posting]"

Hi,

This is a forwarded message from the tcpdump-workers mailing list:

=== 8< ================ >8 ===
From: ef
Subject: tcpdump -z: command execution
Date: Fri, 27 Aug 2010 09:33:48 +0200
To: tcpdump-workers@lists.tcpdump.org
Hello,

Thanks for tcpdump, a very valuable tool!

I was looking at the new version of tcpdump a few days ago and saw this option:

"
-z  Used in conjunction with the -C or -G options, this will make tcpdump run "command file" where file is the savefile being closed after each rotation. For example, specifying -z gzip or -z bzip2 will compress each savefile using gzip or bzip2.
    Note that tcpdump will run the command in parallel to the capture, using the lowest priority so that this doesn't disturb the capture process.
    And in case you would like to use a command that itself takes flags or different arguments, you can always write a shell script that will take the savefile name as the only argument, make the flags & arguments arrangements and execute the command that you want.
"

I think there are many environments that restrict users but give access to tcpdump via sudo. With this option tcpdump can execute any command:

$ ./tcpdump -V
tcpdump version 4.1.1
$ sudo ./tcpdump -i any -G 1 -z ./test.sh -w dump port 55555
[sudo] password for user:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
(generate some traffic on port 55555)
root@blaa ~/temp/tcpdump-4.1.1$ id
uid=0(root) gid=0(root) groups=0(root)

$ cat test.sh
#!/bin/bash
/bin/bash

Is this known and accepted? Could this option maybe be implemented differently?

Regards,
tazo
=== 8< ================ >8 ===

-- 
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
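The forwarded post shows why a sudoers rule that grants tcpdump as root cannot be made safe by listing the dangerous options: -z runs a program, -w writes any file as root, -r/-F/-V read files as root, and the -C/-G rotation options are what -z keys off. Trying to blacklist them in a sudoers argument pattern is fragile, because short options cluster (-nz gzip) and, on glibc systems, getopt also accepts options placed after the filter expression (port 55555 -w /etc/cron.d/x). The usual answer is to put a wrapper between sudo and tcpdump that accepts only a positive allowlist of options. The script below is an added example written for this thread; it is not part of tcpdump, and the wrapper name safe-tcpdump, the install path /usr/sbin/tcpdump and the particular allowlist are assumptions a site would adjust.

```shell
#!/bin/sh
# safe-tcpdump: hypothetical wrapper for exposing a read-only live capture
# via sudo. Added example for this thread, not tcpdump's own code. It checks
# the argument list against a positive allowlist and refuses everything else,
# so -z (run a command), -w (write a file as root), -r/-F/-V (read files as
# root) and the rotation options -C/-G are never forwarded to tcpdump.

TCPDUMP=/usr/sbin/tcpdump   # assumed install path

# Single-letter flags that take no argument and only affect packet printing.
ALLOWED_BARE="a A e f K l n N p q S t u v x X"
# Single-letter flags that take one argument and only shape the live capture:
# -i interface, -s snaplen, -c packet count, -y link type.
ALLOWED_ARG="i s c y"

in_list() {   # in_list NEEDLE "space separated list"
    for x in $2; do
        [ "$x" = "$1" ] && return 0
    done
    return 1
}

# Returns 0 when every option in "$@" is allowlisted, 1 otherwise.
# Tokens that do not start with '-' are treated as the BPF filter expression.
tcpdump_args_ok() {
    while [ $# -gt 0 ]; do
        arg=$1
        shift
        case "$arg" in
            --)  break ;;                 # explicit end of options: rest is filter
            --*) return 1 ;;              # no long options at all
            -?*)
                # Walk a cluster such as -nnvX one character at a time, so a
                # hidden -nz or -Gn is caught exactly like a bare -z or -G.
                cluster=${arg#-}
                while [ -n "$cluster" ]; do
                    ch=${cluster%"${cluster#?}"}    # first character
                    cluster=${cluster#?}            # drop it
                    if in_list "$ch" "$ALLOWED_BARE"; then
                        continue
                    elif in_list "$ch" "$ALLOWED_ARG"; then
                        # Value is either attached (-ieth0) or the next word (-i eth0).
                        if [ -n "$cluster" ]; then
                            val=$cluster
                            cluster=""
                        else
                            [ $# -gt 0 ] || return 1
                            val=$1
                            shift
                        fi
                        # A value must not itself look like an option (-i -w).
                        case "$val" in -*) return 1 ;; esac
                    else
                        return 1
                    fi
                done
                ;;
            *) ;;   # filter token; keep scanning, because getopt on glibc
                    # still honours options placed after the expression
        esac
    done
    return 0
}

# Entry point when installed under the name used in sudoers; skipped when the
# file is sourced for testing.
if [ "${0##*/}" = "safe-tcpdump" ]; then
    tcpdump_args_ok "$@" || { echo "safe-tcpdump: refused argument list" >&2; exit 2; }
    exec "$TCPDUMP" "$@"
fi
```

With this in place the sudoers entry names only the wrapper, with no wildcard (for example `user ALL=(root) /usr/local/sbin/safe-tcpdump`, an assumed path), and the request from the post, `-i any -G 1 -z ./test.sh -w dump port 55555`, is refused at -G before tcpdump ever runs. Anything not in the allowlist is rejected rather than enumerated as bad, so an option added in a later tcpdump release is closed by default; if a site needs -w it should add it as a separate code path that fixes the output directory itself rather than passing the user's path through.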