OpenBSD Journal

Privilege separated tcpdump(1)

Contributed by jose on from the yet-more-privsep dept.

Otto writes: "tcpdump(1) has a bad reputation; quite some vulnerabilities have been found in it. Since tcpdump is run as root when capturing packets from an interface, the impact of these vulnerabilities can be high.

To reduce the risk of running tcpdump as root, tcpdump has been modified to become privilege separated. The parsing and printing of the network packets takes now place in an unprivileged, chrooted process.

The work has been done by Can Erkin Acar and Otto Moerbeek. "

(Comments are closed)

  1. By Chris Walsh () on

    Privsep for tcpdump? I am very happy.

    I owe at least one person a beer.

    1. By Anonymous Coward () on

      I must be on crack, because since this happened I'm unable to get payload, only headers.

      1. By Otto () on

        Works fine here with, for example, -s 1500 -X

        Please file a complete bug report if you are able to reproduce the problem.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]