Ethereal-dev: Re: Fwd: Re: [Ethereal-dev] Ethereal patch: limit capability set under Linux

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sebastien Raveau <sebastien.raveau@xxxxxxxx>
Date: Fri, 17 Jun 2005 23:10:05 +0200
On Friday 17 June 2005 22:36, Ulf Lamping wrote:
> Thomas Anders wrote:
> > Ulf Lamping wrote:
> >> Wouldn't it be a good idea to do it the other way round? Usually running
> >> Ethereal in user level and raise capabilities (somehow like su does it),
> >> when needed while capturing.
> >
> > Unless we're talking about different things here, there's no painless
> > way to "raise capabilities" -- and that's by intention since it's the
> > whole point of dropping (or not having) them in the first place.
>
> Yes, a program shoulnd't be able to raise privileges "on it's own".
>
> I've seen such a mechanism e.g. when starting synaptic. If the user
> doesn't have enough privileges, there's a dialog box popping up asking
> for root password. I'm unsure if it's done by some kind of graphical su?
>
> After the changes I've done "recently", we always use a two task model
> to capture packets, so this "su model" could be added to Ethereal somehow.

You could have a small helper process running as root whose job would just be:
1/ spawn a child process with user priviledges, with all the business logic
2/ open/close the capture device and feed what it reads from it to the 
business logic via a UNIX socket

Maybe it is what you meant by "two task model", but I wasn't sure :-)

By the way: it would then be a good idea to authenticate the client connecting 
on the UNIX socket with getpeereid(), to prevent unwanted access to the 
capture flow.


Best regards,

-- 
Sébastien Raveau
computer and network security student
head of the hawKeye network monitor project
http://hawkeye.sourceforge.net/

Attachment: pgpJLjF4u5AP7.pgp
Description: PGP signature