Ethereal-dev: Re: Fwd: Re: [Ethereal-dev] Ethereal patch: limit capability set under Linux

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sebastien Raveau <sebastien.raveau@xxxxxxxx>
Date: Fri, 17 Jun 2005 23:10:05 +0200

On Friday 17 June 2005 22:36, Ulf Lamping wrote:
> Thomas Anders wrote:
> > Ulf Lamping wrote:
> >> Wouldn't it be a good idea to do it the other way round? Usually running
> >> Ethereal in user level and raise capabilities (somehow like su does it),
> >> when needed while capturing.
> >
> > Unless we're talking about different things here, there's no painless
> > way to "raise capabilities" -- and that's by intention since it's the
> > whole point of dropping (or not having) them in the first place.
>
> Yes, a program shouldn't be able to raise privileges "on its own".
>
> I've seen such a mechanism e.g. when starting synaptic. If the user
> doesn't have enough privileges, there's a dialog box popping up asking
> for root password. I'm unsure if it's done by some kind of graphical su?
>
> After the changes I've done "recently", we always use a two task model
> to capture packets, so this "su model" could be added to Ethereal somehow.

You could have a small helper process running as root whose job would just be:
1/ spawn a child process with user privileges, with all the business logic
2/ open/close the capture device and feed what it reads from it to the
business logic via a UNIX socket

Maybe it is what you meant by "two task model", but I wasn't sure :-)

By the way: it would then be a good idea to authenticate the client connecting 
on the UNIX socket with getpeereid(), to prevent unwanted access to the 
capture flow.


Best regards,

-- 
Sébastien Raveau
computer and network security student
head of the hawKeye network monitor project
http://hawkeye.sourceforge.net/
