On 05/16/2016 09:53 AM, Christoph Lameter wrote:
> On Fri, 13 May 2016, Doug Ledford wrote:
>
>>> if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED)
>>>
>>
>> I'm not at all convinced this is the right thing to do. Sniffing of
>> packets is definitely a privileged operation. Tcpdump needs to be run
>> as root to do this on regular devices. If not CAP_NET_ADMIN, then a
>> root check seems appropriate. CAP_NET_RAW does not seem sufficient for
>> sniffing other people's packets.
>
> CAP_NET_RAW is sufficient for tcpdump and this is not more than that.
That's not true. In order to set promisc on an interface, tcpdump calls
ioctl with SIOCSIFFLAGS as the ioctl and IFF_PROMISC set in the flags,
and in net/core/dev_ioctl.c we see this check for SIOCSIFFLAGS:
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
return -EPERM;
/* fall through */
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: OpenPGP digital signature
