Re: tcpdump -z

Board: FB_security   Time: 15 years ago (2010/08/27 20:01)   Score: 0 (0 push, 0 boo, 0 neutral)
0 comments, 0 participants, thread 2/13
On 08/27/2010 10:32 AM, Vadim Goncharov wrote:
> This is a forward message from tcpdump-workers mail list:
> === 8< ================>8 ===
> $ sudo ./tcpdump -i any -G 1 -z ./test.sh -w dump port 55555
> [sudo] password for user:
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size
> 65535 bytes
> (generate some traffic on port 55555)
> root@blaa ~/temp/tcpdump-4.1.1$ id
> uid=0(root) gid=0(root) groups=0(root)
>
> Is this known and accepted? Could this option maybe be implemented
> differently?

In my opinion, if you allow people to run tools as root using sudo, you'd
better make sure those tools don't allow attackers to easily gain root
access. In the case of tcpdump, the '-w' flag most probably already allowed
that, although '-z' is a bit more convenient to the attacker.

As a solution, configure your sudo correctly, only allowing specific tcpdump
command line options (or option sets) to be used.

--
Pieter
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
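The reply above says to let sudo allow only specific tcpdump option sets. Here is an added example of one way to do that; it is not from the thread, from tcpdump or from the sudo project. It shows the weak sudoers entries beside a restricted one, and a hypothetical wrapper script (name, path and allowlist are my assumptions; tcpdump is assumed to live at /usr/sbin/tcpdump) that refuses every option not on a short allowlist, so that -z (run a command as root after rotation) and -w (write a file as root) never reach tcpdump. The wrapper also rejects any '-' word inside the filter expression, because GNU getopt permutes arguments and would otherwise accept "port 80 -w x" as an option placed after the filter. If your users only ever need a handful of fixed invocations, sudoers exact-argument matching (a full command line with no wildcards) achieves the same without a wrapper.

```shell
#!/bin/sh
# tcpdump-safe: hypothetical wrapper, intended to be the ONLY tcpdump
# invocation allowed through sudo. Added example, not part of tcpdump or sudo.
#
# Weak sudoers entry (any option accepted, so -z runs a command as root and
# -w writes any file as root):
#   alice ALL=(root) NOPASSWD: /usr/sbin/tcpdump
# Also weak: a sudoers wildcard matches whitespace, so this line still
# matches "tcpdump -i any -G 1 -z ./test.sh -w dump port 55555":
#   alice ALL=(root) NOPASSWD: /usr/sbin/tcpdump -i *
# Restricted: only the wrapper, which enforces the allowlist below:
#   alice ALL=(root) NOPASSWD: /usr/local/sbin/tcpdump-safe

TCPDUMP=/usr/sbin/tcpdump   # assumed path

# validate_args ARGS...: return 0 if every word is acceptable, 1 otherwise.
# Allowed: -n -nn -e -v -vv -q -p -A -X, -i IFACE, -c COUNT, -s SNAPLEN,
# then a plain pcap filter (alphanumerics, '.', ':', '/', '-'; no leading '-').
validate_args() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -n|-nn|-e|-v|-vv|-q|-p|-A|-X) shift ;;
            -i) [ $# -ge 2 ] || return 1
                case "$2" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
                shift 2 ;;
            -c|-s) [ $# -ge 2 ] || return 1
                case "$2" in ''|*[!0-9]*) return 1 ;; esac
                shift 2 ;;
            --) shift; break ;;   # explicit end of options; rest is the filter
            -*) return 1 ;;       # -w, -z, -G, -C, -r, -F, -Z, ... are all refused
            *) break ;;           # first non-option word starts the filter
        esac
    done
    # Filter words: no leading '-' (getopt permutation) and a tight charset,
    # so nothing here can ever be reinterpreted as an option.
    for word in "$@"; do
        case "$word" in
            -*|''|*[!A-Za-z0-9_.:/-]*) return 1 ;;
        esac
    done
    return 0
}

main() {
    if ! validate_args "$@"; then
        echo "tcpdump-safe: refused; allowed: -n -nn -e -v -vv -q -p -A -X," \
             "-i IFACE, -c N, -s N and a plain filter expression" >&2
        exit 64
    fi
    exec "$TCPDUMP" "$@"
}

# Run only when installed under the expected name; sourcing the file
# (e.g. for testing) just defines the functions.
case "${0##*/}" in
    tcpdump-safe) main "$@" ;;
esac
```

Usage: install as /usr/local/sbin/tcpdump-safe, mode 0755 and owned by root, and point the sudoers rule at it rather than at tcpdump itself; anything the wrapper does not explicitly allow is refused before tcpdump runs as root.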
文章代碼(AID): #1CTwa3_q (FB_security)