Re: User-space controlled raw ethernet - Is this the way to go?



Jan Kandziora wrote:
> Essentially, libpcap does not need root privilege, but CAP_NET_RAW and
> maybe CAP_NET_ADMIN capabilities.

Yes, I remember looking into this when I was considering the libpcap route. But to be honest, I got totally lost, and could find few examples/further explanation that helped. My conclusion (that might be totally wrong) was that most of the capabilities stuff is deprecated (or heading that way).

Chris Friesen wrote:
> If you can get the root privileges to install a kernel module, can't you make the executable setuid root?

Perhaps if I added a bit more detail. The main application that will be sending/receiving data (on the PC side) will be Java based. My plan was to use a bit of JNI to link the Java to the low-level socket code (whether it's a kernel module or libpcap based). I don't want the Java app running as root. I'm not too sure how to have the ethernet access running with root permissions, but the Java app running as a regular user.

With regards to the kernel module. Things _were_ going well. But with further reading, it seems creating and using a socket from within a kernel module isn't good practice, or even allowed. (Again, I may be totally wrong here). When I try to compile a module using the socket function I get:

warning: implicit declaration of function 'socket'

I'm certain I have the right headers included. The same set worked when used with a non-kernel module test program.

Andy
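
An added example, not part of the original post: a small C check that reads the `CapEff` line of `/proc/<pid>/status` and reports whether the CAP_NET_RAW and CAP_NET_ADMIN capabilities mentioned in the thread are in the effective set, so a non-root process can confirm it holds only what raw Ethernet access needs. The function name, the sample text and the `capture-helper` process name are constructed for illustration; the bit numbers are those in `<linux/capability.h>`.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_NET_ADMIN_BIT 12
#define CAP_NET_RAW_BIT   13

/* Constructed sample of /proc/<pid>/status for a non-root process that was
 * granted only CAP_NET_RAW (mask 0x2000 = bit 13). */
static const char SAMPLE_STATUS[] =
    "Name:\tcapture-helper\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n"
    "CapBnd:\t000001ffffffffff\n";

/* Returns 1 if the effective set in `status` contains capability `bit`
 * (0..63), 0 if it does not, -1 if no well-formed CapEff line is present. */
int status_has_cap(const char *status, int bit)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            while (*q == ' ' || *q == '\t') q++;
            /* Reject an empty field so strtoull cannot run into the next line. */
            if (!isxdigit((unsigned char)*q)) return -1;
            uint64_t mask = strtoull(q, NULL, 16);
            return (int)((mask >> bit) & 1u);
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

int main(void)
{
    char buf[8192] = {0};
    FILE *f = fopen("/proc/self/status", "r");   /* Linux only */
    const char *src = SAMPLE_STATUS;             /* fall back to the sample */
    if (f) {
        if (fread(buf, 1, sizeof buf - 1, f) > 0) src = buf;
        fclose(f);
    }
    printf("CAP_NET_RAW:   %d\n", status_has_cap(src, CAP_NET_RAW_BIT));
    printf("CAP_NET_ADMIN: %d\n", status_has_cap(src, CAP_NET_ADMIN_BIT));
    return 0;
}
```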