Possibly two ways: run the program suid so it has the proper permission no matter who starts it, or create a daemon running as root that does the actual raw socket work and talk to the daemon over a regular socket from your user application.
"run the program suid so it has the proper permission no matter who starts it."
To follow up on the discussion here: I have tried to open the raw socket I mentioned above with a project I created in the KDevelop environment. I called setuid(0) before the socket() call, and the setuid(0) call returned -1. Can anyone give me a hint about the right way to do it?
Running a daemon as root would be too complicated for me.
Or should I write a driver module for this raw socket communication?
setuid(0) fails because you don't have the privileges. You need to set the set-uid bit on the executable: "chmod u+s /path/to/exec". Then use "setuid(getuid());" in your code to drop privileges.
(1) By "chmod u+s /path/to/exec", meaning I have to do this on the command line? Is there any way to resolve this in the code?
(2) Then use "setuid(getuid());" in your code to drop privileges.
I think I need to do my best to drop the privilege before exit. What is the consequence if some exception happens that makes me miss the drop call?
Quote:
(1) By "chmod u+s /path/to/exec", meaning I have to do this on the command line? Is there any way to resolve this in the code?
No program can get root privileges by itself. It must have been granted by root manually.
Quote:
(2) Then use "setuid(getuid());" in your code to drop privileges.
I think I need to do my best to drop the privilege before exit. What is the consequence if some exception happens that makes me miss the drop call?
I guess you only need the privileges to get the raw sockets. Dropping them right after obtaining it conforms to the best security practice. Then you can safely register signal handlers and do stuff without the risk of compromise in your program. Remember to setrlimit() with RLIMIT_CORE so any core file won't contain passwords and sensitive data that is passing through your network interfaces.
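The set-uid sequence described in the replies above, as an added example that is not part of the original thread: open the raw socket while still privileged, drop privileges on every path, and disable core dumps. It assumes an AF_PACKET socket capturing all protocols; `rawdrop` is a placeholder binary name.

```c
/* Added example. Build, then as root: chown root ./rawdrop && chmod u+s ./rawdrop */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set RLIMIT_CORE to 0 so a crash cannot write captured traffic to disk. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Permanently return to the invoking user's IDs. Returns 0 on success. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    /* If the caller is not root, regaining root must now be impossible. */
    if (getuid() != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open while privileged, drop on every path. Returns fd, -1 (socket failed) or -2 (drop failed). */
int open_raw_then_drop(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    int saved = errno;               /* keep socket()'s errno across the drop */
    if (drop_privileges() != 0) {
        if (fd >= 0) close(fd);      /* never keep a raw socket without a clean drop */
        return -2;
    }
    errno = saved;
    return fd;
}

int main(void)
{
    if (disable_core_dumps() != 0) perror("setrlimit");
    int fd = open_raw_then_drop();
    if (fd == -2) { fputs("could not drop privileges\n", stderr); return 2; }
    if (fd < 0) { perror("socket"); return 1; }
    printf("raw socket fd=%d, uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return 0;
}
```

Because the drop happens inside the same function that opens the socket, no later error path or signal handler runs with root privileges.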
I want to continue on this topic. After I opened the raw socket as I mentioned, I set the sock to be IFF_PROMISC after the socket() call. I then wrote a function to receive the package, but I found out the recvfrom() call is really slow/stuck from time to time. Does anyone know what the problem is? I did not find the option/flag to make the recvfrom() call not wait even when data is not available.
    #include <stdio.h>
    #include <string.h>
    #include <sys/socket.h>
    #include <linux/if_packet.h>

    // sock is the raw socket opened earlier
    int receive_pkt(void *pCurBuff, size_t uiSize)
    {
        int iNumRecv = 0;
        struct sockaddr_ll ll;
        socklen_t len = sizeof(struct sockaddr_ll);
        memset(&ll, 0, len);
    #ifdef DEBUG_OUTPUT
        printf("receive_pkt(): sock=%d\n", sock);
    #endif
        // Receive the User Buffer from the Source Address, Check if Error Returned
        iNumRecv = recvfrom(sock, pCurBuff, uiSize, 0, (struct sockaddr *)&ll, &len);
        // ......
    }