Privilege separated tcpdump(1)
Otto writes: "tcpdump(1) has a bad reputation; quite some vulnerabilities have
been found in it. Since tcpdump is run as root when capturing packets from an
interface, the impact of these vulnerabilities can be high.
● To reduce the risk of running tcpdump as root, tcpdump has been modified to
become privilege separated. The parsing and printing of the network packets
now takes place in an unprivileged, chrooted process.
● The work has been done by Can Erkin Acar and Otto Moerbeek.
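The split described above, as an added example in C (not tcpdump's or OpenSSH's own code): the parent forks a child that chroots, drops to an unprivileged uid and does the parsing, and the result comes back over a pipe, so a parser crash costs only the child. The record format, the parse() stand-in, the /var/empty jail and uid/gid 65534 are assumptions; the privilege drop runs only when the program is started as root.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
/* Constructed sample records: byte 0 = payload length, then the payload. */
static const unsigned char GOOD_PKT[] = { 3, 'a', 'b', 'c' };
static const unsigned char BAD_PKT[] = { 200, 'a' };    /* length field lies */
/* Hypothetical dissector, child only. abort() stands in for a memory bug. */
static int parse(const unsigned char *p, size_t n) {
    if (n < 1 || (size_t)p[0] + 1 > n) abort();
    int sum = 0;
    for (size_t i = 1; i <= p[0]; i++) sum += p[i];
    return sum;
}

/* Give up root for good: chroot, clear groups, gid before uid, then check
 * that root cannot be regained. Any failure ends the child (fail closed). */
static void drop_privs(const char *jail, uid_t uid, gid_t gid) {
    if (chroot(jail) != 0 || chdir("/") != 0 || setgroups(0, NULL) != 0 ||
        setgid(gid) != 0 || setuid(uid) != 0 || setuid(0) == 0)
        _exit(111);
}

/* Parent: fork; the child drops privileges, parses, and sends the result on
 * a pipe. Returns 0 and sets *out, or -1 if the child died. NULL jail = no drop. */
int parse_isolated(const unsigned char *pkt, size_t n, const char *jail, int *out) {
    int fd[2], st;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                          /* child: untrusted parsing only */
        close(fd[0]);
        if (jail) drop_privs(jail, 65534, 65534);   /* assumed unprivileged ids */
        int r = parse(pkt, n);
        _exit(write(fd[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fd[1]);
    ssize_t got = read(fd[0], out, sizeof *out);   /* 0 bytes if the child died */
    close(fd[0]);
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st) || WEXITSTATUS(st)) return -1;
    return got == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void) {                      /* "/var/empty" is an assumed jail path */
    int v; const char *j = geteuid() ? NULL : "/var/empty";
    return parse_isolated(GOOD_PKT, sizeof GOOD_PKT, j, &v) != 0 ||
           parse_isolated(BAD_PKT, sizeof BAD_PKT, j, &v) != -1;
}
```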
Privilege Separated OpenSSH
We use an unprivileged child process to contain
and restrict the effects of programming errors. A
bug in the unprivileged child process does not
result in a system compromise. In other words,
the goal is complete privilege separation within