| author | pjd <pjd@FreeBSD.org> | 2013-07-07 21:19:53 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2013-07-07 21:19:53 +0000 |
| commit | c7afd8bc1ce7d30cf3c06744ab5ec357278e4c1c (patch) | |
| tree | b9291f7f02737e7dd33648c60115d0dfe85be0c3 /bin/sh/TOUR | |
| parent | c7a08860c7318f3a69d72095a4ed7d5038b29e63 (diff) | |
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.

For now, sandboxing is done only if the -n option was specified and neither the -z nor the -V option was given. Because it is very common to run tcpdump(8) with the -n option for speed, I decided to commit sandboxing now. To also support sandboxing when the -n option wasn't specified, we need the Casper daemon and its services, which are not available in FreeBSD yet.

- Limit file descriptors of a file specified by the -r option or files specified via the -V option to CAP_READ only.
- If neither the -r nor the -V option was specified, we operate on /dev/bpf. Limit its descriptor to CAP_READ and CAP_IOCTL, plus limit the allowed ioctls to BIOCGSTATS only.
- Limit the file descriptor of a file specified by the -w option to CAP_SEEK and CAP_WRITE.
- If either the -C or -G option was specified, we open the directory containing the destination file and limit the directory descriptor to CAP_CREATE, CAP_FCNTL, CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if the -n option was specified and neither the -z nor the -V option was specified.

Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'bin/sh/TOUR')
0 files changed, 0 insertions, 0 deletions