In particular, this allows members of the network group to monitor traffic without running with root privileges.

It also lets those members inject packets... maybe the suggested permissions should be 0640 at least?

Sorry for slightly switching context. This actually links to the recent "regression" that I planted. With a new API to get exact list of possible bpf taps, instead of guessing via getifaddrs(3) + list USB buses, the building of the list requires privileges. Previously you could run tcpdump -D without privileges on FreeBSD, now it can't. The wireshark/tcpdump guys think that it is a regression and should be fixed.

There are two ways to solve:

1. Change permissions on /dev/bpf and do privileges checking inside the device code. Allow BIOCGETIFLIST for unprivileged user.
2. In libpcap fallback to getifaddrs(3)+/dev/usb guessing if opening /dev/bpf failed.

Your opinions?

In D56742#1299590, @markj wrote:

In particular, this allows members of the network group to monitor traffic without running with root privileges.

It also lets those members inject packets... maybe the suggested permissions should be 0640 at least?

Done. I was using the setting 0660 for years since it was suggested in pkg-message.

In D56742#1299817, @glebius wrote:

Sorry for slightly switching context. This actually links to the recent "regression" that I planted. With a new API to get exact list of possible bpf taps, instead of guessing via getifaddrs(3) + list USB buses, the building of the list requires privileges. Previously you could run tcpdump -D without privileges on FreeBSD, now it can't. The wireshark/tcpdump guys think that it is a regression and should be fixed.

I can understand that.

There are two ways to solve:

1. Change permissions on /dev/bpf and do privileges checking inside the device code. Allow BIOCGETIFLIST for unprivileged user.
2. In libpcap fallback to getifaddrs(3)+/dev/usb guessing if opening /dev/bpf failed.

Your opinions?

I would tend to 2. I guess most people run at least wireshark with 0660 on bpf devices, since this is what it recommended when the port is installed, they would get the new code with higher quality output. The rest gets what it was getting earlier.

In D56742#1299817, @glebius wrote:

Sorry for slightly switching context. This actually links to the recent "regression" that I planted. With a new API to get exact list of possible bpf taps, instead of guessing via getifaddrs(3) + list USB buses, the building of the list requires privileges. Previously you could run tcpdump -D without privileges on FreeBSD, now it can't. The wireshark/tcpdump guys think that it is a regression and should be fixed.

There are two ways to solve:

1. Change permissions on /dev/bpf and do privileges checking inside the device code. Allow BIOCGETIFLIST for unprivileged user.

We shouldn't do privilege checking after the /dev/bpf file descriptor has been obtained.

2. In libpcap fallback to getifaddrs(3)+/dev/usb guessing if opening /dev/bpf failed.

Your opinions?

It must be 2) IMO. Isn't that also required to support running new libpcap on FreeBSD? There are supported releases which do not have BIOCGETIFLIST.