[Oisf-devel] [RFC] change accounts when starting up
sgrubb at redhat.com
Thu Feb 25 11:41:44 UTC 2010
On Wednesday 24 February 2010 05:33:03 pm Will Metcalf wrote:
> I will have a look tomorrow. I see one thing right away that we will
> have to address. Certain run modes will require root access such as
> inline mode that uses NFQUEUE.
Root access or a capability? Using libcap-ng, its only 3 lines of code to
retain capabilities and change uid/group.
> I think the file handles are also opened as root before we drop privs. Like
> I said though I will have a look tomorrow as it is something that we need to
> support at least for pcap live mode.
Sure. I can easily rework the patch to retain capabilities. But you really
don't want something dissecting malicious packets to be running as root.
More information about the Oisf-devel