tcpdump -z


This is a froward message from tcpdump-workers mail list:

=== 8< ================ >8 ===
From: ef <>
Subject: tcpdump -z: command execution
Date: Fri, 27 Aug 2010 09:33:48 +0200
To: tcpdump-workers@xxxxxxxxxxxxxxxxx


Thx for tcpdump, very valuable tool!

Was looking at the new version of tcpdump a few days ago and saw this
Used in conjunction with the -C or -G options, this will make tcpdump run "
command file " where file is the savefile being closed after each rotation.
For example, specifying -z gzip or -z bzip2 will compress each savefile
using gzip or bzip2.
Note that tcpdump will run the command in parallel to the capture, using the
lowest priority so that this doesn't disturb the capture process.
And in case you would like to use a command that itself takes flags or
different arguments, you can always write a shell script that will take the
savefile name as the only argument, make the flags & arguments arrangements
and execute the command that you want.

I think there are many environments that restrict users but give access to
tcpdump via sudo. With this option tcpdump can execute any command:

$ ./tcpdump -V
tcpdump version 4.1.1

$ sudo ./tcpdump -i any -G 1 -z ./ -w dump port 55555
[sudo] password for user:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size
65535 bytes
(generate some traffic on port 55555)
root@blaa ~/temp/tcpdump-4.1.1$ id
uid=0(root) gid=0(root) groups=0(root)

$ cat

Is this known and accepted? Could this option maybe be implemented

=== 8< ================ >8 ===

WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@xxxxxxx
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][][LJ:/nuclight]

freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"