On 2012-06-07 12:02, Mark Benson wrote:
On 7 Jun 2012, at 10:32, Dave McGuire<mcguire at neurotica.com> wrote:
On 06/07/2012 05:09 AM, Johnny Billquist wrote:
Indeed. In addition to the fact that I'm not clear what security threat
we're talking about here...
I'm not convinced at all that there's any sort of security issue here.
It is marginally less secure based on thus:
Any OS can be violated to provide root access. In normal circumstances
the ethernet interface does not expose other packets. On a system
running with the interface in promiscuous mode it does expose other
packets. Thus if the system's security is breached (i.e. the box is
rooted) it exposes more than the normal level of information about
your network without the perpetrator needing to act (i.e. run a
scanner of their own) to get it.
Any program that needs access to raw ethernet packets needs to run as root. Promiscuous
mode or not. Promiscuous mode itself has little to do with this.
So if you want to run anything like a bridge or a router, you will need to run it as root.
Promiscuous mode is basically just allowing you to share the same interface as the system
is otherwise using, instead of having to dedicate a separate ethernet interface for this.
Still needs to run as root. With a separate interface you can skip promiscuous mode, since
you can change the MAC address to the "right" one instead.
Like I said it's minimal. If your box gets rooted you are screwed anyway ;)
Indeed. And it has nothing to do with promiscuous mode. It has everything to do with
running something as root, which is required if you ever want to talk ethernet.
But if someone gains access as root to the machine, then what the bridge program is doing
is totally irrelevant, since as root, you can do much more, much easier, than trying to
corrupt the bridge. You might as well just run your own bridge-like program...
Johnny
Show replies by date