On Fri, Jun 22, 2001 at 11:07:37AM +0200, Ralf Hildebrandt wrote:
> I think it must be made setuid(root). 

...which would let *anybody* who can log into that machine do packet
sniffing, which the administrators of that machine might not want.  It
would also let them read any capture file root can read, even if the
user can't read it, *and* would let any user scribble on any file root
can write, by using the "-w" flag.  (They can't write arbitrary data to
the file, but they could damage it by overwriting it with a capture.)

"sudo", as per my other mail, is another way of letting ordinary users
perform some operations as root, and lets the administrator restrict
what commands a particular user can run as root.

(This is why I like systems that allow particular users to be granted
the right to do packet sniffing, by:

        changing the permissions on particular devices - although that
        might not be sufficient to allow *promiscuous* captures on OSes,
        such as some versions of Solaris, that appear only to let root
        set promiscuous mode, which is annoying as non-promiscuous
        captures on Solaris don't appear to see outgoing packets

or

        by granting users the CAP_NET_RAW capability, although there
        doesn't yet appear to be any userland support in the libraries
        and utilities on Linux distributions to do that.

That way, you don't have to give tcpdump or Ethereal or... root
privileges in order to let them capture packets.)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
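An added example, not part of the original message and not tcpdump code: it contrasts the setuid-root case with the CAP_NET_RAW grant described above by reading the effective capability mask (the `CapEff` line of `/proc/<pid>/status` on Linux) and reporting whether a capture process can only sniff or can also bypass file permissions, which is what makes "-w" dangerous. The function names and the sample status text are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_DAC_OVERRIDE_BIT 1  /* bypass file permission checks */
#define CAP_NET_RAW_BIT 13      /* open raw and packet sockets */
enum capture_privs { PRIV_UNKNOWN = -1, PRIV_NONE, PRIV_SNIFF_ONLY, PRIV_SNIFF_AND_FILES };

/* Constructed /proc/<pid>/status excerpts, not taken from a real host. */
static const char SAMPLE_SETUID_ROOT[] = "Uid:\t1000\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char SAMPLE_NET_RAW[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n";
static const char SAMPLE_PLAIN[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";

/* Find the CapEff line and parse its hex mask; returns 0 on success. */
static int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7 + strspn(p + 7, " \t");
            if (!isxdigit((unsigned char)*v)) return -1;  /* empty value */
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Classify what a capture process could do with its effective capabilities. */
enum capture_privs classify_capture_privs(const char *status)
{
    uint64_t eff;
    if (parse_cap_eff(status, &eff) != 0) return PRIV_UNKNOWN;
    if (!(eff & (1ULL << CAP_NET_RAW_BIT))) return PRIV_NONE;
    /* With CAP_DAC_OVERRIDE, "-w" can overwrite files the user cannot. */
    if (eff & (1ULL << CAP_DAC_OVERRIDE_BIT)) return PRIV_SNIFF_AND_FILES;
    return PRIV_SNIFF_ONLY;
}

int main(void)
{
    const char *s[] = { SAMPLE_SETUID_ROOT, SAMPLE_NET_RAW, SAMPLE_PLAIN };
    for (int i = 0; i < 3; i++) printf("sample %d -> %d\n", i, classify_capture_privs(s[i]));
    return 0;
}
```

Only the setuid-root sample lands in `PRIV_SNIFF_AND_FILES`; the CAP_NET_RAW-only process can capture but remains subject to ordinary file permissions.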
