Date: Sat, 20 Apr 2002 16:27:18 -0600
From: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To: cjclark@alum.mit.edu
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: Adding a 'bpf' group for /dev/bpf*
Message-ID: <200204202227.g3KMRIJ39147@orthanc.ab.ca>
In-Reply-To: Your message of "Sat, 20 Apr 2002 15:11:52 PDT." <20020420151152.E76898@blossom.cjclark.org>

>>>>> "Crist" == Crist J Clark <crist.clark@attbi.com> writes:

Crist> OK. Now you've really lost me. What do ports have to do with
Crist> this? Which ports? None of the sniffing programs I am aware
Crist> of use set{g,u}id bits. They rely on the permissions of the
Crist> user running them.

Sorry -- keyboard and brain disconnect on my part. What I was trying to
get at was the need to run sniffers as root by default. The fewer
things that need to be run as root, the better (e.g. I don't want snort
and trafdump running as root on my firewalls if I can avoid it).
Programs like snort can attempt to lose uid-0 after opening the bpf
device, but others like tcpdump do not.

As David Wolfskill mentioned in a previous message, this idea is the
same as how the operator group is used for dump. kmem did the same
thing for ps and top.

--lyndon
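
The "open the bpf device, then lose uid-0" pattern mentioned in the message above, as an added example (not part of the original e-mail and not code from snort or tcpdump). The function names, the default path /dev/bpf0 and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* glibc: declare setgroups() under strict -std */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up root. Returns 0 on success, -1 on any failure.
 * Order matters: supplementary groups, then gid, then uid, because once
 * the uid is gone the process may no longer change its groups. */
int drop_root(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;               /* refuse a "drop" that keeps privilege */
    if (geteuid() != 0)
        return 0;                /* not root (e.g. access came via a bpf group) */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0)        return -1;
    if (setuid(uid) != 0)        return -1;
    /* Verify the drop cannot be undone before trusting it. */
    if (setuid(0) == 0 || geteuid() == 0)
        return -1;
    return 0;
}

/* Open the capture device while privileged, then drop. Fails closed:
 * the descriptor is never returned to a process that is still root. */
int open_then_drop(const char *dev, uid_t uid, gid_t gid)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_root(uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/bpf0";  /* assumed path */
    int fd = open_then_drop(dev, 65534, 65534);           /* assumed ids */
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("holding fd %d on %s as uid %d\n", fd, dev, (int)getuid());
    close(fd);
    return 0;
}
```

With a bpf group owning the device, the same program can be started unprivileged and drop_root() has nothing to do.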
