Ethereal-dev: Re: [Ethereal-dev] Running Ethereal as an unprivileged user

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 10 Sep 2003 15:56:19 -0700

On Sep 10, 2003, at 3:40 PM, Richard Urwin wrote:

Here is a C program that demonstrates using Linux (POSIX.1e)
capabilities to run as a normal user but keeping certain privilages.

It runs, as can be seen below, under a standard MDK9.1 kernel. In fact
it should work under any kernel from 2.2.19 onward.

Yes, but is there some way of achieving this *without* adding code to the application?

E.g., can a user be given the CAP_NET_RAW and CAP_NET_ADMIN capabilities (although I think CAP_NET_ADMIN gives capabilities not needed - too bad there's no CAP_NET_JUST_ENUMERATE_THE_DAMN_NETWORK_INTERFACES or something such as that; do you need CAP_NET_ADMIN to use "getifaddrs()" on those Linuxes that have it?), as part of the appropriate capability sets, in such a way that their login processes get them and either

	1) all programs

or

	2) all programs with those capabilities

get them in their "effective capabilities" set?

Your test program appears to be running with an effective UID of root; it'd be nice if Ethereal/Tethereal/tcpdump/etc. didn't have to be run with an effective UID of root at all (not even if they give it up as soon as they get the appropriate capabilities).

I propose that we add this functionality into Ethereal, when built on
Linux, and when libcap and the kernel headers are available.

Should it go there, or should it go in libpcap, so that *all* libpcap applications work that way?