From: Lyndon Nerenberg
Organization: The Frobozz Magic Homing Pigeon Company
To: cjclark@alum.mit.edu
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: Adding a 'bpf' group for /dev/bpf*
In-reply-to: Your message of "Sat, 20 Apr 2002 15:11:52 PDT." <20020420151152.E76898@blossom.cjclark.org>
Date: Sat, 20 Apr 2002 16:27:18 -0600
Message-Id: <200204202227.g3KMRIJ39147@orthanc.ab.ca>

>>>>> "Crist" == Crist J Clark writes:

    Crist> OK. Now you've really lost me. What do ports have to do with
    Crist> this? Which ports? None of the sniffing programs I am aware
    Crist> of use set{g,u}id bits. They rely on the permissions of the
    Crist> user running them.

Sorry -- keyboard and brain disconnect on my part. What I was trying
to get at was the need to run sniffers as root by default. The fewer
things that need to be run as root, the better (e.g. I don't want snort
and trafdump running as root on my firewalls if I can avoid it).
Programs like snort can attempt to lose uid-0 after opening the bpf
device, but others like tcpdump do not.

As David Wolfskill mentioned in a previous message, this idea is the
same as how the operator group is used for dump. kmem did the same
thing for ps and top.

--lyndon
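
The open-then-drop pattern the message mentions for snort, sketched as an added example (not part of the original message and not code from snort or tcpdump). The function names, the device path `/dev/bpf0` and the uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE          /* setgroups() prototype on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently switch to an unprivileged uid/gid. 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {              /* refuse root ids as a target */
        errno = EINVAL;
        return -1;
    }
    /* Groups first, uid last: once the uid changes we can no longer set them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop cannot be undone before parsing any packets. */
    if (setuid(0) == 0 || seteuid(0) == 0 || setgid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Open the capture device with the starting privileges, then shed them. */
int open_then_drop(const char *dev, uid_t uid, gid_t gid)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {    /* fail closed: no capture as root */
        close(fd);
        return -1;
    }
    return fd;                               /* fd stays valid after the drop */
}

int main(void)
{
    /* Assumed values: first bpf device and the conventional "nobody" ids. */
    int fd = open_then_drop("/dev/bpf0", 65534, 65534);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("capturing on fd %d as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

When the device is readable by a dedicated group, as the thread proposes, a member of that group can call `open_then_drop` with its own ids and the root-only `setgroups` branch is never taken.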