-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
Brian Kim escreveu: :: Hello all, :: I'd like to give regular users the ability to sniff :: packets (and possibly drop the NIC into promiscuous :: mode?), without having to deal with sudo or su. How :: could I go about doing this? And if you provide a :: solution, what sorts of security concerns does it :: present, aside from the obvious "anyone can see :: anything" sort of concern?
First of all, there is the important fact of what "anyone can see anything" is, as "s. keeling" already pointed, the use of tcpdump and ethereal are very (and potential) harmful.
Second, what problem exactly are you trying to solve, sometimes in security we ask help to do something, but there are better ways to work on that. If you could explain your idea instead of just ask for a specific solution, perhaps we can help you even better.
The third point is that, *maybe*, there are some capabilities inside the kernel that could handle that, I'm not sure but the idea/concept exists.
I don't exactly, but, if you already allow your users to use sudo/su solutions, why are you trying to change it and... if you are planning to use any "non encrypted" authentication protocol over the network, your users will have access to things like "root pass".
The mais problem I see, is that we cannot provide a solution if we don't know exactly what is the problem.
Cheers,
- -- ////////// // Felipe Augusto van de Wiel (faw) <[EMAIL PROTECTED]> // GUD-PR / DUG-PR || http://www.debian-pr.org // GUD-BR / DUG-BR || http://www.debian-br.org // Debian Project || http://www.debian.org/ ////////// -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFCJhHVCjAO0JDlykYRAl2zAJ9ExqwLf/Tvz97xE+iHioH3YJUxsQCbBMUL gIrA4rGzQA++AmbXUz11CBM= =qhdX -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
