execap has to run as root to capture packets and to write log files but it
would be nice if the packet capturing code could drop privileges to reduce the
damage of an exploit.
I think the biggest hurdle will be in the exe saving portion. Perhaps the exe
directory should be owned by the execap user rather than root?
Original issue reported on code.google.com by bmenr...@ucsd.edu on 22 May 2011 at 5:34
Original issue reported on code.google.com by
bmenr...@ucsd.edu
on 22 May 2011 at 5:34