Hi! I'd like to give some colleagues possibility to analyze and dump net traffic to files, but it seems that in order to do that I need to allow them to run a piece of software as root, when the software has a possibility to write to a user-defined file and it does it as root. In this case I believe they can write files where ever they want, also some things won't work (e.g. quotas).
The man page at http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html mentions "You must have read access to /dev/bpf*". While it is true requirement, seems like it is not sufficient to run tcpdump agains a network interface. It seems in order to do that one needs to run program as root, and making the binary suid root doesn't help here. When tcpdump is suid root, it goes as far as: ~ $ tcpdump tcpdump: ioctl: BIOCSETF: Operation not permitted ~ $ >From the source I see that the first thing the privileged parent process does is the following (file privsep.c, function priv_init): sigprocmask(SIG_SETMASK, &oset, NULL); /* Child - drop suid privileges */ gid = getgid(); uid = getuid(); So in case of suid scenario, the process loses suid power and then later on the following piece: case PRIV_SETFILTER: test_state(cmd, STATE_FILTER); impl_setfilter(socks[0], cmdbuf, &bpfd); break; calls impl_setfilter, which in turn calls setfilter, which in turn calls ioctl(bpfd, BIOCSETF, &fcode), which fails with the mentioned "ioctl: BIOCSETF: %s", strerror(errno) message. Was this code designed to be run as root (not just EUID 0)? I ask this because the code does not work otherwise. Man pages does not clearly state that and the code only looks for EUID to be 0 while it checks whether it will go any further and fails later when EUID is set to UID, and UID is not 0. Thanks!
