Re: Forcing packets through an interface in a multihomed machine


 



On Saturday 31 January 2004 04:49, Xia Wei-Zhong-W20079 wrote:
> Hi, Gilad
>
> I remember that setsockopt(SO_BINDTODEVICE) will need root privilege.
> So can the hijack you mentioned work?

Well, it will work as is for any program being run by 'root'. This means 
it's actually quite useful for a lot of network daemon programs that 
start as root in order to bind to a privileged port and then drop 
'root' privileges after they open the socket - by which time the little 
library has already finished what it needed root privileges for 
anyway... - think about SSH for example. 

It won't work with SUID programs being run by mere mortals, though you 
can probably get around this limitation by abusing the fact that 
SO_BINDTODEVICE actually only requires CAP_NET_RAW capability and 
building some sort of wrapper for the original program, but I haven't 
actually tried this myself.

Cheers,
Gilad

-- 
Gilad Ben-Yossef <gilad@codefidence.com>
Codefidence. A name you can trust (TM)
http://www.codefidence.com
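
An added example, not part of the original message or of the library discussed in the thread: a C sketch of the ordering described above, where a daemon binds its socket to an interface while it still holds the privilege and only then drops root, plus a check of the CapEff line in /proc/self/status for CAP_NET_RAW. The interface name "lo", the uid/gid 65534 and the function names are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <net/if.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in <linux/capability.h> */

/* Given the text of /proc/<pid>/status, return 1 if the effective capability
 * mask has CAP_NET_RAW, 0 if it does not, -1 if there is no CapEff line. */
int capeff_has_net_raw(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    if (!p)
        return -1;
    unsigned long long mask = strtoull(p + strlen("CapEff:"), NULL, 16);
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Bind fd to the named interface. Returns 0 on success, -errno on failure
 * (-EPERM when the kernel refuses for lack of privilege). */
int bind_to_device(int fd, const char *ifname)
{
    size_t len = strlen(ifname);
    if (len == 0 || len >= IFNAMSIZ)
        return -EINVAL; /* reject before the name reaches the kernel */
    if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, (socklen_t)(len + 1)) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f)
        fclose(f);
    buf[n] = '\0';
    printf("CAP_NET_RAW effective: %d\n", capeff_has_net_raw(buf));
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return 1;
    int rc = bind_to_device(fd, "lo"); /* "lo": assumed interface name */
    printf("SO_BINDTODEVICE: %s\n", rc ? strerror(-rc) : "ok");
    /* Privileged step done: drop root. 65534 is an assumed 'nobody' id. */
    if (geteuid() == 0 && (setgid(65534) != 0 || setuid(65534) != 0))
        return 1;
    close(fd); /* a real daemon would keep using the already-bound socket */
    return rc ? 1 : 0;
}
```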
