>>>>> "Crist" == Crist J Clark <[EMAIL PROTECTED]> writes:

    Crist> OK. Now you've really lost me. What do ports have to do with
    Crist> this?  Which ports? None of the sniffing programs I am aware
    Crist> of use set{g,u}id bits. They rely on the permissions of the
    Crist> user running them.

Sorry -- keyboard and brain disconnect on my part.  What I was trying to
get at was the need to run sniffers as root by default.  The fewer
things that need to be run as root, the better (e.g. I don't want snort
and trafdump running as root on my firewalls if I can avoid it).
Programs like snort can attempt to lose uid-0 after opening the bpf
device, but others like tcpdump do not.

As David Wolfskill mentioned in a previous message, this idea is the
same as how the operator group is used for dump.  kmem did the same
thing for ps and top.
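
The open-then-drop pattern mentioned above for snort, as an added example that is not part of the original message and is not snort's own code. The names drop_root and open_then_drop, the /dev/bpf0 path and uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to an unprivileged uid/gid. Returns 0 on success,
 * -1 on failure. Order matters: supplementary groups and the gid must
 * be changed while still root, because setuid() removes the right to
 * change them afterwards. */
static int drop_root(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                /* refuse to "drop" to root */
    if (geteuid() != 0)
        return 0;                 /* not root: nothing to give up */
    if (setgroups(1, &gid) != 0)  /* discard root's supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || geteuid() == 0 || getegid() == 0)
        return -1;
    return 0;
}

/* Open the privileged device first, then drop. On any failure the
 * descriptor is closed so the caller never keeps capturing as root. */
int open_then_drop(const char *dev, uid_t uid, gid_t gid)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_root(uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;                    /* descriptor stays usable after the drop */
}

int main(int argc, char **argv)
{
    /* Assumed defaults: /dev/bpf0 and uid/gid 65534; adjust per system. */
    int fd = open_then_drop(argc > 1 ? argv[1] : "/dev/bpf0", 65534, 65534);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("fd %d open, uid %d gid %d\n", fd, (int)geteuid(), (int)getegid());
    return 0;
}
```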


