Ethereal-users: Re: [Ethereal-users] Run as root not as any other user

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 16 May 2001 12:02:34 -0700 (PDT)
> Could you help me on the above issue ?

Linux allows its mechanism for capturing packets to be used only by the
processes running as the super-user and processes with the CAP_NET_RAW
capability.

The only fix is to

	1) get a version of login/xdm/kdm/gdm/etc. (the program that
	   logs you in to your machine) that lets you specify particular
	   "capabilities" for user accounts, and sets those capabilities
	   when a user logs in - unfortunately, I don't think there are
	   any such versions, so you'd have to convince the maintainers
	   of those programs to design some scheme to specify the list
	   of capabilities in "/etc/passwd" or some database, and to
	   change the programs to do so (or come up with library
	   routines that all those programs can use to do that, add
	   those routines to some standard library on Linux
	   distributions, and change the programs to use them);

	2) once that happens (which I suspect won't be any time soon),
	   give your account the CAP_NET_RAW capability.