[Oisf-devel] [RFC] change accounts when starting up

Steve Grubb sgrubb at redhat.com
Thu Feb 25 11:41:44 UTC 2010

On Wednesday 24 February 2010 05:33:03 pm Will Metcalf wrote:
> I will have a look tomorrow. I see one thing right away that we will
> have to address. Certain run modes will require root access such as
> inline mode that uses NFQUEUE.

Root access or a capability? Using libcap-ng, its only 3 lines of code to 
retain capabilities and change uid/group.

> I think the file handles are also opened as root before we drop privs.  Like
> I said though I will have a look tomorrow as it is something that we need to
> support at least for pcap live mode.

Sure. I can easily rework the patch to retain capabilities. But you really 
don't want something dissecting malicious packets to be running as root.


More information about the Oisf-devel mailing list