Date: Tue, 12 Jun 2001 20:55:48 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Robert Watson <rwatson@FreeBSD.org> Cc: <gzjyliu@public.guangzhou.gd.cn>, <hackers@FreeBSD.org> Subject: Re: [PATCH] Limited BPF to the specified program Message-ID: <20010612204504.S18144-100000@achilles.silby.com> In-Reply-To: <Pine.NEB.3.96L.1010612144412.75080C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Jun 2001, Robert Watson wrote: > One of the things I actually played with implementing in the past was in > effect an "ACL" of allowed BPF programs by-uid. When a BPF program was > bound to an interface, the bpfilter code would hash by uid, then do a > rather expensive walk down a list of "acceptable filters" and see if the > program matched. This meant that you could, for example, allow specific > users to monitor specific types of packets (such as a specific port). > Since there isn't really a canonical form other than the de facto form > libpcap generates bpf code in, there are some limits to this, but it > worked fairly well. I didn't attempt to deal with the "which interfaces > can they bind" issue, however. I can see if I can dig up the code, or > it's fairly easy to replicate if not. That'd be an excellent feature, perhaps it could be used to make dhclient / others non-root in the future. It's probably overkill for the issue at hand, though. I get the impression that the patch in question was meant to insure that a rooted box couldn't be used for sniffing (without a new kernel.) Of course, if you have the appropriate filter already sitting around, maybe you could wrap it in an #ifdef and put out the patch for testing. :) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010612204504.S18144-100000>