I was hoping that either via kernel capabilities or SE Linux that
we
could avoid this. Both seem to offer exactly the feature we want,
opening raw sockets from unprivileged accounts. But it's really
unclear from all the doc's online how these two interact. Best we
could do was try all the examples and approaches we could find -
none
worked.
I guess I can try trolling the kernel source ... ugh! ... to see if
your recollection is correct. I certainly hope there is another
option ...
Thanks
S
I think Ross is right. At my last contract with IBM some years back,
we
were doing some raw socket stuff. ISTR that we had no problems
because
we were real root applications. IIRC, docs specified root
privileges.
I completely agree with the fact that raw sockets require root
privilege, that is the situation we're currently in and don't want to
continue with. But am I then completely misunderstanding when I think
that SE Linux can allow non-root access to certain "normally root
only" capabilities, on a per process basis? Certainly all the ping-
related SE Linux examples online all show precisely this: provide
access to raw sockets for a non-root process.
ping is suid root, though.
Agreed, ping normally is. But what the SE Linux examples are showing
is that you can remove the potential security hole of having ping be
suid root, and use a custom SE Linux module to allow it simply access
to raw sockets. Then, comprimising ping gets you only raw socket
access and not full root access. At least, this is my understanding ...
S
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
