Re: GTK setuid problem



On Tue, 20 Apr 2010 08:42:52 -0400 Paul Davis wrote:
> On Tue, Apr 20, 2010 at 3:22 AM, robin <robinpv iwavesystems com> wrote:
> 
> >     s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
> 
> regular users can't do this on most (all?) linux systems. this is a
> highly priviledged operation, and its not a suprise that a regular
> user can't do this.

Just to be clear, since Robin didn't say anything about why he's doing
exactly that:
Opening a socket _AT THIS LOW A LEVEL_ is a highly
privileged operation. Unless the application is a net sniffer or
similarly evil hacker tool, you won't need it. So to my mind, without
knowing what Robin's application is, it seems likely that the correct
fix is either:
1) Only allow root to use it. After all, it's a dangerous tool
or
2) Fix the socket instantiation so that it doesn't need such privileges.

Cheers,
Rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]