[Richard Urwin <richard@xxxxxxxxxxxxxxx>]

On Tuesday 02 Dec 2003 10:18 pm, Guy Harris wrote:
> On Dec 2, 2003, at 1:46 AM, Nosnos wrote:
> >  tethereal could not acces to eth0
>
> Then you're probably running on Linux, in which case you need to be
> root, unless there's some way to get Ethereal or Tethereal to run with
> the CAP_NET_RAW capability bit (I don't know how to arrange that it run
> with that bit set).

With 2.4 kernels it needs a patch to Ethereal. Someone posted such a patch to 
the list a month or so back. IIUC, the current feeling is that as the general 
support will be provided in kernel 2.6 and no widely used application 
currently uses the capability bits, patching the standard Ethereal build 
ahead of 2.6 is not a good idea.

In standard 2.4 kernel buids, CAP_NET_RAW is cleared when a process starts a 
new program, so the patch has to be within Ethereal. There is a switch in the 
kernel build to disable that, so a program could set up the permissions and 
then start Ethereal, but there are well-known exploits that can then cause 
the system to be open to root hacks. That is the reason the switch is off as 
standard.

IIUC, in kernel 2.6 the Ethereal executable can be marked as having specific 
capabilities, rather than just a single suid flag. So no patches will be 
necessary.

-- 
Richard Urwin