
Re: Pfctl for non-root users



Seems to me that from a security perspective you'd never want to allow unprivileged users to have access to pf.
I don't believe it's ever been possible to run pfctl as non-root, so I don't think you can call it "broken."


--Matt

--On Monday, April 11, 2005 06:21:30 AM -0400 Jason Dixon <[email protected]> wrote:

On Apr 11, 2005, at 5:13 AM, Peter N. M. Hansteen wrote:

Jason Dixon <[email protected]> writes:

Is the ability to run pfctl (via sudo) as a non-root user still
broken? I've tested this on a 3.6 -release system, and /dev/pf is
still unavailable for non-root users.

[email protected]:~$ ls -l /dev/pf
crw------- 1 root wheel 73, 0 Oct 19 00:02 /dev/pf

It certainly looks like being a member of wheel is a distinct
advantage, at least.

What kinds of operations did you have in mind?

# su - hatchet
$ pfctl -vsr
pfctl: /dev/pf: Permission denied
$ whoami
hatchet
$ groups
hatchet wheel

Would eg a sensible authpf setup help achieve what you want to do?

It has nothing to do with my question.



--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net