>>>>> Adam Kirby writes:
Adam> I need to give some untrusted users on my system access to
Adam> tcpdump so that they can carry out some research work. Obviously
Adam> I'm concerned about the security issues and I certainly don't
Adam> want them to be able to view packet payloads. As I am not a
Adam> software developer my miserable attempts to alter the code and
Adam> prevent -x -X flages being used have proved futile.
I have submitted a patch about a year ago which does some of these
security things. In fact, it disables some options and promiscous mode
when you install and call tcpdump setuid root (which is probably what
you have in mind).
There have been lots of debates about this feature and the outcome was
that the patch is not in the tcpdump source tree. I am willing to wrap
up a new patch against the current source tree if the interest in this
patch has raised.
/js
--
Juergen Schoenwaelder Technical University Braunschweig
<[EMAIL PROTECTED]> Dept. Operating Systems & Computer Networks
Phone: +49 531 391 3289 Bueltenweg 74/75, 38106 Braunschweig, Germany
Fax: +49 531 391 5936 <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
