|Summary:||PATCH: tcpdump to drop root by default|
|Product:||[Retired] Red Hat Raw Hide||Reporter:||Pekka Savola <pekkas>|
|Component:||tcpdump||Assignee:||Harald Hoyer <harald>|
|Status:||CLOSED RAWHIDE||QA Contact:|
|Fixed In Version:||Doc Type:||Enhancement|
|Doc Text:||Story Points:||---|
|Last Closed:||2001-09-04 09:37:08 UTC||Type:||---|
Description Pekka Savola 2001-07-22 11:55:53 UTC
Due to security considerations, it might be a good idea to drop root by default, as the 'pcap' user is being added for arpwatch anyway, as "-U user" is rather clumsy to use. Add autoheader, configure --with-user=pcap and there you go :-) Naturally this requires some basic username hacking in the src.rpm (potential problem: both arpwatch and tcpdump require the pcap user; solution: make arpwatch require tcpdump >= 3.6.2-7 or the like)
Comment 1 Pekka Savola 2001-07-22 11:56:30 UTC
Created attachment 24490: drop root by default
Comment 2 Harald Hoyer 2001-07-26 11:16:24 UTC
Question: Why can't we use nobody as a user, or does tcpdump need to write anything?
Comment 3 Harald Hoyer 2001-07-26 11:19:09 UTC
I think this would break all scripts that have: tcpdump -w file, because it is not assured that user 'pcap' or any other default user has write access to 'file'. Or we disable the droproot if -w is specified. Comments?
Comment 4 Pekka Savola 2001-07-26 11:30:31 UTC
nobody is used for dropping root the most often, so if the uid=nobody is compromised, the damage might spread too far. With pcap, this would probably be more contained. Writing and reading files work because the patch is made so the dropping of privileges is only done after opening/creating the files.
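The ordering described in Comment 4 (open or create the files first, then give up root) is sketched below as an added example; it is not the attached patch and not tcpdump's code. The function names, status codes and the `capture.out` default path are assumptions made for illustration; only the `pcap` account name comes from this thread.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define DROP_USER "pcap"            /* account name taken from the thread */

/* Hypothetical helper. Returns 1 if root was dropped, 0 if the process
 * was not root, -1 if the account is missing, -2 if a call failed. */
int drop_root(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                  /* fail closed: do not keep running as root */
    if (getuid() != 0 && geteuid() != 0)
        return 0;                   /* nothing to drop */
    /* Order matters: groups and gid first, uid last, because after
     * setuid() the process may no longer change its groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0)
        return -2;
    /* Verify the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0 || geteuid() == 0)
        return -2;
    return 1;
}

/* Open the output file with the caller's privileges, then drop.
 * *status gets the drop_root() result, or -3 if the open failed. */
FILE *open_then_drop(const char *path, const char *user, int *status)
{
    FILE *fp = fopen(path, "w");    /* uses root's access when run as root */
    if (fp == NULL) { *status = -3; return NULL; }
    *status = drop_root(user);
    if (*status < 0) { fclose(fp); return NULL; }
    return fp;                      /* the open stream survives the uid change */
}

int main(int argc, char **argv)
{
    int st;
    FILE *fp = open_then_drop(argc > 1 ? argv[1] : "capture.out", DROP_USER, &st);
    if (fp == NULL) { fprintf(stderr, "refusing to continue (status %d)\n", st); return 1; }
    fprintf(fp, "written as uid %d\n", (int)getuid());
    return fclose(fp) == 0 ? 0 : 1;
}
```

When started as root on a host where the `pcap` account exists, the file is created with root's access but the write happens as the unprivileged uid.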
Comment 5 Harald Hoyer 2001-09-04 09:24:21 UTC
Comment 6 Harald Hoyer 2001-09-04 09:25:52 UTC
oops... was, the drop by default ... hmm, not yet :)
Comment 7 Pekka Savola 2001-09-04 09:37:03 UTC
No big hurry with this I think.
Comment 8 Harald Hoyer 2002-01-17 15:25:36 UTC
should be fixed in 3.6.2-10 or newer