Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 176391 - net-analyzer/tcpdump - drop privileges by default at compile time
Summary: net-analyzer/tcpdump - drop privileges by default at compile time
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Netmon Herd
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-28 19:01 UTC by Jukka Ruohonen
Modified: 2011-03-11 01:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jukka Ruohonen 2007-04-28 19:01:05 UTC
Like the man-page of tcpdump says, the option -Z (drop privileges from root to an user) can be enabled by default at compile time (by --with-user=USERNAME).

This is a request to make that behavior to be enabled by default. 

This request fits to any reasonable security-related policy. But if there is some specific reason not to follow this practice (i.e. this will probably mean an addition of tcpdump-user or usage of some existing default user account?), please kindly ignore this request.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2007-04-29 04:49:42 UTC
Jukka, you can use EXTRA_ECONF="--with-user=USERNAME" emerge tcpdump or if you want not to loose this setting on re-emerge save this environment variable in /etc/portage/env/net-analyzer/tcpdump to get desired behaviour.

$ cat /etc/portage/env/net-analyzer/tcpdump
EXTRA_ECONF="--with-user=pva"

No need to fix anything. :)
Comment 2 Jukka Ruohonen 2007-04-29 06:39:10 UTC
I was completely unaware of such environmental variables, and therefore, thank you.

Can I further confirm that there is generally no aims for such behavior to be enabled by default with potentially risky packages related to network sphere? 

(As tcpdump is just a small example regarding the general question, this seems to be the policy followed by Red Hat, for an instance[1].)

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0194
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2007-04-29 11:12:53 UTC
tcpdump is not a server application and is just debugging tool. It could be configured from command line and for build process an easy way to archive goal exist... But well. Let's keep this as an enhancement.
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2007-05-05 19:15:44 UTC
I think having this enabled can be useful.
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2007-07-10 13:46:18 UTC
Well. I've commited fix in tcpdump-3.9.6-r1 and tcpdump-3.9.5-r3. Now we create tcpdump user and drop privileges by default.
Comment 6 Jukka Ruohonen 2007-08-27 13:49:18 UTC
I won't reopen this one, but I am nevertheless curious why this feature was removed from the 1.3.7?
Comment 7 Cédric Krier gentoo-dev 2007-08-27 22:03:14 UTC
I re-enable the feature in cvs in version 3.9.7-r1
Comment 8 dacook 2011-03-11 01:02:29 UTC
Note I've submitted bug 358329 to reverse this choice, or to make it USE configurable, and explain why in that bug.