LSF (BPF) for unprivileged programs
We want to run a packet filter program on a system (using BPF, or in the linux case, LSF) unprivileged.
In *BSD it's easy: you chown and chgrp the bpf devices so the unprivileged application's user has read privileges. How can one do the same for Linux? Thanks.
In *BSD it's easy: you chown and chgrp the bpf devices so the unprivileged application's user has read privileges.
In Linux there are no devices to chown; you *just* need the CAP_NET_RAW capability set (root). What you probably want is to drop unnecessary privileges and run as an unprivileged user. Sniffers like Snort (-u) and tcpdump (-U or -Z) can do that. Also please check whether you need additional measures like (an LSM or Grsecurity-enabled kernel +) chrooting the app.
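The privilege-drop pattern the reply describes, as an added example for Linux (not code from the thread or from Snort/tcpdump): open an AF_PACKET socket and attach a classic LSF/BPF program while still holding CAP_NET_RAW, then permanently switch to an unprivileged user. The already-open socket keeps working after the drop, which is the whole point of ordering it this way. The filter (IPv4 + UDP on an Ethernet link) and the target user "nobody" are assumptions for illustration.

```c
/* Added example, not from the original thread. Linux only.
 * Build: cc -O2 -Wall -o lsf_drop lsf_drop.c ; run as root (or with
 * CAP_NET_RAW): sudo ./lsf_drop [user]            (user defaults to "nobody") */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/filter.h>
#include <linux/if_ether.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic BPF (LSF) program, assumed for illustration: accept IPv4 UDP
 * frames, drop everything else. Same instructions `tcpdump -dd 'ip and udp'`
 * emits for an Ethernet link. Jump offsets are relative to the next insn. */
static const struct sock_filter udp_filter[] = {
    BPF_STMT(BPF_LD  | BPF_H   | BPF_ABS, 12),                 /* A = ethertype        */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,   ETH_P_IP,    0, 3), /* not IPv4 -> drop     */
    BPF_STMT(BPF_LD  | BPF_B   | BPF_ABS, 23),                 /* A = IP protocol byte */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,   IPPROTO_UDP, 0, 1), /* not UDP  -> drop     */
    BPF_STMT(BPF_RET | BPF_K, 0xffff),                         /* accept, up to 64 KiB */
    BPF_STMT(BPF_RET | BPF_K, 0),                              /* drop                 */
};

size_t udp_filter_len(void) { return sizeof(udp_filter) / sizeof(udp_filter[0]); }

/* Open a raw packet socket and attach the filter. Needs CAP_NET_RAW, so this
 * must run before privileges are dropped. Returns the fd or -1 (errno set). */
int open_filtered_socket(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;
    struct sock_fprog prog = {
        .len    = (unsigned short)udp_filter_len(),
        .filter = (struct sock_filter *)udp_filter,
    };
    if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof prog) < 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    return fd;
}

/* Permanently drop to uid/gid. Order matters: supplementary groups first
 * (only root can change them), then gid, then uid, because once uid is gone
 * the gid change would be refused. setuid()/setgid() as root set real,
 * effective and saved IDs, so root cannot be regained; the final checks
 * verify that instead of trusting the calls. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)
        return -1;
    /* Paranoia: if either of these succeeds, the saved IDs were not dropped. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";   /* assumed target user */
    struct passwd *pw = getpwnam(user);
    if (!pw) { fprintf(stderr, "no such user: %s\n", user); return 1; }

    int fd = open_filtered_socket();                    /* privileged step */
    if (fd < 0) { perror("socket/SO_ATTACH_FILTER (need CAP_NET_RAW)"); return 1; }

    if (drop_privileges(pw->pw_uid, pw->pw_gid) < 0) { perror("drop_privileges"); return 1; }
    printf("reading as uid %u; root cannot be regained\n", (unsigned)getuid());

    unsigned char buf[2048];
    for (int i = 0; i < 5; i++) {                       /* socket still works unprivileged */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); return 1; }
        printf("IPv4/UDP frame, %zd bytes\n", n);
    }
    close(fd);
    return 0;
}
```

If you would rather not start as root at all, the same binary can be given only the capability it needs with `setcap cap_net_raw+ep ./lsf_drop`; the drop step then has nothing to do, but the filter attach still works.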