tech-userlevel archive
tcpdump: drop privileges by default?
Hi.
Would it be reasonable to drop root privileges in tcpdump(1) by default?
As I see it, this does not limit the functionality of the program in any
way. Moreover, there are practically no maintenance costs; upstream code
supports this and the change would require only a small patch.[1]
On the other hand, this would clutter the system a little. It may also be
questionable if this adds any value in terms of security. Protocol parsers
are however always difficult to get right, and historically tcpdump(1) has
not been an exception. The program is sometimes also used to gather data
instead of just debugging.
Regards,
Jukka.
[1] Disclaimer: I am not sure if this is all that is required to add a user
and a directory to the default build.
Index: src/dist/tcpdump/tcpdump.8
===================================================================
RCS file: /cvsroot/src/dist/tcpdump/tcpdump.8,v
retrieving revision 1.16
diff -u -p -r1.16 tcpdump.8
--- src/dist/tcpdump/tcpdump.8 24 Jul 2007 12:41:07 -0000 1.16
+++ src/dist/tcpdump/tcpdump.8 9 Sep 2009 18:10:14 -0000
@@ -594,8 +594,6 @@ Drops privileges (if root) and changes u
.I user
and the group ID to the primary group of
.IR user .
-.IP
-This behavior can also be enabled by default at compile time.
.IP "\fI expression\fP"
.RS
selects which packets will be dumped.
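Review bot: deleting the sentence "This behavior can also be enabled by default at compile time." leaves the man page with no statement of the new default, while the unchanged description above still reads as if privileges are only dropped when the option is given. Rather than removing the ".IP" paragraph, reword it to state the build-time defaults that the Makefile hunk introduces, e.g. ".IP" / "By default privileges are dropped to the user _tcpdump and the process is chrooted into /var/chroot/tcpdump; this option overrides the user." so that tcpdump.8 and the Makefile agree.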
Index: src/etc/group
===================================================================
RCS file: /cvsroot/src/etc/group,v
retrieving revision 1.23
diff -u -p -r1.23 group
--- src/etc/group 16 Oct 2007 02:47:14 -0000 1.23
+++ src/etc/group 9 Sep 2009 18:10:15 -0000
@@ -20,6 +20,7 @@ _proxy:*:21:
_timedc:*:22:
_sdpd:*:23:
_httpd:*:24:
+_tcpdump:*:25:
guest:*:31:root
nobody:*:39:
utmp:*:45:
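Review bot: GID 25 is free in the visible context (the numbering jumps from _httpd at 24 to guest at 31) and matches the 25:25 used in the master.passwd hunk, so the two files are consistent. The entry follows the neighbouring pseudo-group style (no member list). Before committing, confirm that nothing else in the tree already reserves 25 so the ids stay unique across the default build.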
Index: src/etc/master.passwd
===================================================================
RCS file: /cvsroot/src/etc/master.passwd,v
retrieving revision 1.39
diff -u -p -r1.39 master.passwd
--- src/etc/master.passwd 16 Oct 2007 02:47:14 -0000 1.39
+++ src/etc/master.passwd 9 Sep 2009 18:10:15 -0000
@@ -14,5 +14,6 @@ _proxy:*:21:21::0:0:Proxy Services:/none
_timedc:*:22:22::0:0:& pseudo-user:/nonexistent:/sbin/nologin
_sdpd:*:23:23::0:0:& pseudo-user:/nonexistent:/sbin/nologin
_httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin
+_tcpdump:*:25:25::0:0:& pseudo-user:/var/chroot/tcpdump:/sbin/nologin
uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin
nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin
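Review bot: the home directory /var/chroot/tcpdump is also the chroot target defined in the Makefile hunk, so it must remain root-owned and not writable by _tcpdump; the mtree entry in this patch gives it mode 0755 with default (root) ownership, which satisfies that, but it is worth a comment or man page sentence saying the directory is intentionally empty. The rest of the line matches the adjacent pseudo-users: password field "*", "& pseudo-user" GECOS, and /sbin/nologin as the shell.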
Index: src/etc/mtree/special
===================================================================
RCS file: /cvsroot/src/etc/mtree/special,v
retrieving revision 1.129
diff -u -p -r1.129 special
--- src/etc/mtree/special 25 Jul 2009 16:20:10 -0000 1.129
+++ src/etc/mtree/special 9 Sep 2009 18:10:15 -0000
@@ -393,6 +393,7 @@
./var/chroot/ntpd/var/run type=dir mode=0775 gname=ntpd
./var/chroot/pflogd type=dir mode=0755
./var/chroot/sshd type=dir mode=0755
+./var/chroot/tcpdump type=dir mode=0755
./var/chroot/tftp-proxy type=dir mode=0755
./var/cron type=dir mode=0755
./var/cron/tabs type=dir mode=0700
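Review bot: the entry has the same shape as the adjacent pflogd and sshd chroot directories (type=dir mode=0755, root-owned by default), which is the right configuration for an empty chroot: the unprivileged user must not be able to create files inside it. No child entries should be added here; the point of the directory is that it contains nothing.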
Index: src/usr.sbin/tcpdump/Makefile
===================================================================
RCS file: /cvsroot/src/usr.sbin/tcpdump/Makefile,v
retrieving revision 1.49
diff -u -p -r1.49 Makefile
--- src/usr.sbin/tcpdump/Makefile 22 Apr 2009 15:23:09 -0000 1.49
+++ src/usr.sbin/tcpdump/Makefile 9 Sep 2009 18:12:04 -0000
@@ -75,6 +75,9 @@ CPPFLAGS+=-DLBL_ALIGN=1
CPPFLAGS+=-DTCPDUMP_DO_SMB=1
CPPFLAGS+=-D_U_="__attribute__((unused))"
+CPPFLAGS+=-DWITH_USER=\"_tcpdump\"
+CPPFLAGS+=-DWITH_CHROOT=\"/var/chroot/tcpdump\"
+
.if (${USE_INET6} != "no")
SRCS+= print-ip6.c print-ip6opts.c print-ripng.c print-icmp6.c print-frag6.c \
print-rt6.c print-ospf6.c print-dhcp6.c
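Review bot: the trailing "+" line adds only a blank line; drop it. More substantively, defining WITH_CHROOT changes where command-line paths are resolved once privileges are dropped: any file opened after the chroot is looked up under /var/chroot/tcpdump, so the behaviour of -w, and of output files that are (re)opened later during a run, needs to be verified and documented in tcpdump.8 before this becomes the default. The quoting of the two new defines is consistent with the neighbouring -D_U_ line.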