Date: Sun, 14 Jul 2002 13:35:43 +0200 (CEST)
From: Alexander Leidinger
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:29.tcpdump
To: cjc@FreeBSD.ORG
Cc: freebsd-security@FreeBSD.ORG
Message-Id: <200207141135.g6EBZhxQ064314@Magelan.Leidinger.net>
In-Reply-To: <20020714085734.GD56656@blossom.cjclark.org>

On 14 Jul, Crist J. Clark wrote:

>> On a related matter: It would probably be a very good idea
>> for tcpdump to drop privileges right after opening the BPF
>> device.
>
> tcpdump(8) never has elevated privileges. It just runs as whoever
> executes it. As you say, the way to run it at lower privileges is to
> give a less privileged user read access to the bpf(4) devices.

It could drop privileges (su to another UID like a newer OpenSSH or
Apache does it) if it gets run by root...

Bye,
Alexander.

-- 
It's not a bug, it's tradition!
http://www.Leidinger.net                       Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7
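
The open-then-drop pattern discussed in this thread, as an added example that is not part of the original message and is not tcpdump's code. The function names, the /dev/bpf0 path and the uid/gid 65534 target account are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups(); harmless on FreeBSD */
#endif
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if root was dropped, 0 if the caller was not root (nothing to
 * drop), -1 on failure. On -1 the caller must exit rather than continue. */
int drop_if_root(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;
    if (uid == 0 || gid == 0)
        return -1;                       /* refuse a "drop" to root */
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is gone the process may no longer change its groups. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 1;
}

/* Opens path read-only with the caller's privileges, then drops root.
 * Returns the open descriptor, or -1 if either step failed. */
int open_then_drop(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_if_root(uid, gid) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* /dev/bpf0 and uid/gid 65534 are assumed values, not from the thread. */
    int fd = open_then_drop(argc > 1 ? argv[1] : "/dev/bpf0", 65534, 65534);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("fd %d open, uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return close(fd);   /* capture and parsing would run before this, unprivileged */
}
```

The descriptor opened as root stays usable after the drop, so only the open needs privilege and all later packet handling runs as the unprivileged account.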