LinuxQuestions.org - LSF (BPF) for unprivileged programs

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - LSF (BPF) for unprivileged programs (https://www.linuxquestions.org/questions/linux-security-4/lsf-bpf-for-unprivileged-programs-378701/)

nweaver

10-31-2005 02:44 PM

LSF (BPF) for unprivileged programs

We want to run a packet filter program on a system (using BPF, or in the linux case, LSF) unprivileged.

In *BSD its easy, you chown and chgrp the bpf devices so the unprivildged application's user level has read privilidges.

How can one do the same for linux?

Thanks.

unSpawn

11-01-2005 06:38 AM

In *BSD its easy, you chown and chgrp the bpf devices so the unprivildged application's user level has read privilidges.
In Linux there are no devices to chown, you *just* need the CAP_NET_RAW capability set (root). What you probably want is to drop unnecessary privileges and run on as unprivileged user. Sniffers like Snort (-u) and tcpdump (-U or -Z) can do that. Also please check if you need additional measures like (a LSM or Grsecurity enabled kernel +) chrooting the app.

All times are GMT -5. The time now is 03:37 PM.