Bug#611073: marked as done (please consider use of file capabilities)

Wed, 20 Jul 2011 01:36:19 -0700 

Your message dated Wed, 20 Jul 2011 03:30:54 -0500
with message-id <[email protected]>
and subject line Re: [traceroute] please consider use of file capabilities
has caused the Debian Bug report #611073,
regarding please consider use of file capabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
611073: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: traceroute
Version: 1:2.0.15-1
Severity: wishlist

The upstream source contains a hardcoded test that makes it
impossible to use file capabilities (libcap2) with traceroute,
i.e., the use of '-I' is checked against superuser accesss.

A simple removal of a single test makes the setting of "cap_net_raw"
sufficient to use this mechanism. Upstream might be moved into
providing this possibilility, enhanced by improved messages
at the time of socket creation.

Please consider the implications of this change, whether it
be applicable or desireable.

Regards,
  Mats Erik Andersson, DM



--- traceroute-2.0.15/traceroute/traceroute.c.orig      2010-07-14 
15:54:03.000000000 +0200
+++ traceroute-2.0.15/traceroute/traceroute.c   2011-01-25 11:43:20.000000000 
+0100
@@ -566,9 +566,14 @@
        ops = tr_get_module (module);
        if (!ops)  ex_error ("Unknown traceroute module %s", module);
 
+#if 0
+       /* Remove test in order to allow file capabilities management.
+        * The use of Linux specific "cap_net_raw" is sufficient.
+        */
        if (!ops->user && geteuid () != 0)
            ex_error ("The specified type of tracerouting "
                        "is allowed for superuser only");
+#endif
 
 
        if (!first_hop || first_hop > max_hops)

--- End Message ---
--- Begin Message --- 
Version: 1:2.0.17-1

Dmitry Butskoy wrote:
> Daniel Baumann wrote:

>>The upstream source contains a hardcoded test that makes it
>>impossible to use file capabilities (libcap2) with traceroute,
[...]
> The problem is already fixed in the latest version of 2.0.17

Therefore closing.  Thanks, Dmitry.

--- End Message ---

Reply via email to