You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the ngrep manpage, in reference to the -R command line option, it reads
Do not try to drop privileges to the DROPPRIVS_USER
However, there is no other use of DROPPRIVS_USER in the man page and it is left undefined.
Written as is, due to conventions commonly used in some manpages and command line help text, a user may mistakenly assume that DROPPRIVS_USER can be specified at runtime such as via an argument to the option, environmental variable, or key in a configuration file despite it being statically set at compile time. Considering the potential unforeseen security implications of a user acting on that assumption (or time spent investigating), it may be prudent to update the manpage to remove the opportunity for confusion.
Potential options could be to remove the reference to DROPPRIVS_USER all together or instead elaborate that DROPPRIVS_USER is a compile time option and optionally mention the default value or insert the value used into the manpage at build time.
The text was updated successfully, but these errors were encountered:
In the ngrep manpage, in reference to the
-Rcommand line option, it readsHowever, there is no other use of
DROPPRIVS_USERin the man page and it is left undefined.Written as is, due to conventions commonly used in some manpages and command line help text, a user may mistakenly assume that
DROPPRIVS_USERcan be specified at runtime such as via an argument to the option, environmental variable, or key in a configuration file despite it being statically set at compile time. Considering the potential unforeseen security implications of a user acting on that assumption (or time spent investigating), it may be prudent to update the manpage to remove the opportunity for confusion.Potential options could be to remove the reference to
DROPPRIVS_USERall together or instead elaborate thatDROPPRIVS_USERis a compile time option and optionally mention the default value or insert the value used into the manpage at build time.The text was updated successfully, but these errors were encountered: