LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-31-2005, 02:44 PM   #1
nweaver
LQ Newbie
 
Registered: Oct 2005
Posts: 1

Rep: Reputation: 0
LSF (BPF) for unprivileged programs


We want to run a packet filter program on a system (using BPF, or in the linux case, LSF) unprivileged.

In *BSD its easy, you chown and chgrp the bpf devices so the unprivildged application's user level has read privilidges.

How can one do the same for linux?

Thanks.
 
Old 11-01-2005, 06:38 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786Reputation: 2786
In *BSD its easy, you chown and chgrp the bpf devices so the unprivildged application's user level has read privilidges.
In Linux there are no devices to chown, you *just* need the CAP_NET_RAW capability set (root). What you probably want is to drop unnecessary privileges and run on as unprivileged user. Sniffers like Snort (-u) and tcpdump (-U or -Z) can do that. Also please check if you need additional measures like (a LSM or Grsecurity enabled kernel +) chrooting the app.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Non BSD equivelent of /dev/bpf mattp Linux - General 2 10-22-2005 06:26 PM
Tomake a cd which can install a LSF on any system jenish Linux From Scratch 3 04-16-2005 12:07 AM
Can I dd a LSF system to a CF card? hussar DamnSmallLinux 1 01-20-2005 11:04 AM
net/bpf.h not installed Xon Linux - Software 2 01-12-2005 09:47 AM
LSF, right for me? Kernel 2.6.5 Linux From Scratch 6 04-24-2004 09:31 PM


All times are GMT -5. The time now is 11:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration