From owner-freebsd-current  Sat Apr 20 20:56:51 2002
Delivered-To: freebsd-current@freebsd.org
Received: from ion.gank.org (ion.gank.org [64.81.113.130])
	by hub.freebsd.org (Postfix) with ESMTP id 306DE37B404
	for <current@freebsd.org>; Sat, 20 Apr 2002 20:56:47 -0700 (PDT)
Received: from aldaris (dsl081-113-221.dfw1.dsl.speakeasy.net [64.81.113.221])
	by ion.gank.org (GankMail) with ESMTP id 02F78298
	for <current@freebsd.org>; Sat, 20 Apr 2002 22:59:02 -0500 (CDT)
Message-ID: <014601c1e8e8$8defe350$5f45a8c0@auir.gank.org>
Reply-To: "Craig Boston" <craig@gjgth.gank.org>
From: "Craig Boston" <craig@gjgth.gank.org>
To: <current@freebsd.org>
References: <20020420151152.E76898@blossom.cjclark.org> <200204202227.g3KMRIJ39147@orthanc.ab.ca> <20020420204245.F76898@blossom.cjclark.org>
Subject: Re: Adding a 'bpf' group for /dev/bpf*
Date: Sat, 20 Apr 2002 22:56:42 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Crist J. Clark wrote:

> These are actually very different in that they are set{u,g}id commands
> (well, ps(1) is not set{u,g}id anymore and is root:wheel owned). The
> sniffing tools we've been discussing, and pretty much all of the ones
> I've used, tcpdump(1), snort(8), nmap(1), etc., are not. When
> tcpdump(1) or one of these ports is installed, there is no reason to
> give it any special group ownership. The thing that determines whether
> someone can sniff is the {u,g}id of the user executing the
> command. The port's Makefile doesn't need to know anything about your
> /etc/group; it just installs the file -r-xr-x-r-x root:wheel. The
> local administrator simply needs to execute the simple commands I put
> in my last mail to give a group sniffing powers. The files'
> permissions and ownership are never changed.

Since -current by default uses devfs, is there a standard way to make the
ownership/permissions of device nodes "sticky" so that they persist across
boots?  Or should we just put the appropriate commands in rc.local ?

Besides bpf, this would be useful, for example, for people who want to
change permissions on cd-rom devices to 644 so that non-root users can make
iso images (or give a special group cd burner rights).

Craig


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message