
Bug 199172

Summary: net-analyzer/tcpdump: use builtin chroot() call
Product: Gentoo Linux
Reporter: Jukka Ruohonen <drear>
Component: New packages
Assignee: Gentoo Netmon project <netmon>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: example patch

Description Jukka Ruohonen 2007-11-14 20:05:29 UTC
Since we now drop privileges to UID/GID "tcpdump", I see no reason why we should not use the builtin chroot function. This was included in version 3.9.3 (July 2005) and can be defined at build time with the --with-chroot=DIR switch. This does no harm and can provide a small security benefit.

An example patch is included (if nothing else, to demonstrate the little work involved).

Thank you.
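The order of operations when a chroot() is combined with a privilege drop, as an added example (not tcpdump's code and not the attached patch). The function name `confine`, the directory `/var/empty` and the id 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process: chroot into `dir`, then drop to uid/gid.
 * Returns 0 on success, -1 with errno set. Must be called as root, after
 * all privileged resources (e.g. the capture socket) are already open. */
int confine(const char *dir, uid_t uid, gid_t gid)
{
    /* Refuse arguments that would make the confinement meaningless. */
    if (dir == NULL || dir[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* 1. chroot() needs root, so it has to come before the UID change. */
    if (chroot(dir) != 0)
        return -1;
    /* 2. Move the working directory inside the new root; otherwise "."
     *    still refers to a directory outside it. */
    if (chdir("/") != 0)
        return -1;
    /* 3. Drop supplementary groups, then GID, then UID (UID last,
     *    because the earlier calls need root). */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 4. Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample values: an empty directory and an unprivileged id. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    if (confine(dir, 65534, 65534) != 0) {
        perror("confine");
        return 1;
    }
    printf("confined: uid=%d cwd=/\n", (int)getuid());
    return 0;
}
```

Run as an unprivileged user, the program fails at step 1 with "Operation not permitted", which is why the chroot has to happen before the UID change.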
Comment 1 Jukka Ruohonen 2007-11-14 20:06:07 UTC
Created attachment 135988
example patch
Comment 2 Jukka Ruohonen 2007-11-14 20:33:36 UTC
Alternatively, if the global option is not suitable in some settings, we could provide the chroot option as a use flag.
Comment 3 Cédric Krier gentoo-dev 2008-03-30 21:13:35 UTC
Add chroot use flag in cvs
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2008-04-01 19:54:45 UTC
Cédric, why do you think we need a USE flag for this feature? It seems better to have it enabled by default, or what do you think?
Comment 5 Cédric Krier gentoo-dev 2008-04-01 20:36:39 UTC
(In reply to comment #4)
> Cédric, why do you think we need a USE flag for this feature? It seems better to
> have it enabled by default, or what do you think?
> 
I think it is more the way Gentoo works. As the mainstream put it as an option in the configure script, I think it is better to keep it also.
But I'm not against enabling it by default; we can perhaps use EAPI=1 and add +chroot.