Hi, As there have been some buffer overflows recently (and despite best intentions, there will be more sooner or later), I thought to bring up an idea.. I've sent a patch to be able to drop root privs after getting the socket with -U switch. However, this is rather cumbersome to use. Perhaps if you don't specify -U root, and uid=pcap exists, tcpdump would automatically setuid to pcap. (exception is if tcpdump binary is setuid, then setuid to the running user as before). This way all packet dumping would always be made with non-privileged account, unless explicitly otherwise requested. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
