Re: bin/48005 (tcpdump: option -C broken)

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,joern.clausen%uni-bielefeld.de@localhost
Subject: Re: bin/48005 (tcpdump: option -C broken)
From: "David H. Gutteridge" <dhgutteridge%sympatico.ca@localhost>
Date: Wed, 22 Mar 2017 20:05:02 +0000 (UTC)

The following reply was made to PR bin/48005; it has been noted by GNATS.

From: "David H. Gutteridge" <dhgutteridge%sympatico.ca@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Wed, 22 Mar 2017 16:02:01 -0400

 >I learned that tcpdump has this option from your bug report and decided
 >to modify the pkgsrc package to do the same since it can do it too.
 >Thanks for mentioning it.
 >
 >I think it's more than worth it, tcpdump recently had the following
 >advisory: http://seclists.org/oss-sec/2017/q1/230 (All of them are the
 >same error).

 Sure, but this change violates "the principle of least surprise", since
 it significantly alters how the software behaves. At the least, the
 pkgsrc version should have a MESSAGE file provided that warns users it
 runs unprivileged by default, since this will break the very
 functionality under discussion in this PR. (And it will still behave
 inconsistently from the native NetBSD version concerning the initial
 output file.)

 It's frustrating that tools like this are altered and then these
 alterations are not fully documented, as is presently the case with
 the native NetBSD version (which opens the initial input file before
 dropping privileges, unlike upstream tcpdump).

 Dave

Prev by Date: Re: port-shark/52102: shark: ffs_newvnode panic when unpacking sets installing -current
Next by Date: Re: port-shark/52102: shark: ffs_newvnode panic when unpacking sets installing -current
Previous by Thread: Re: bin/48005 (tcpdump: option -C broken)
Next by Thread: Re: bin/48005 (tcpdump: option -C broken)
Indexes:

Home | Main Index | Thread Index | Old Index