Package: traceroute
Version: 1:2.0.15-1
Severity: wishlist
The upstream source contains a hardcoded test that makes it
impossible to use file capabilities (libcap2) with traceroute,
i.e., the use of '-I' is checked against superuser accesss.
A simple removal of a single test makes the setting of "cap_net_raw"
sufficient to use this mechanism. Upstream might be moved into
providing this possibilility, enhanced by improved messages
at the time of socket creation.
Please consider the implications of this change, whether it
be applicable or desireable.
Regards,
Mats Erik Andersson, DM
--- traceroute-2.0.15/traceroute/traceroute.c.orig 2010-07-14
15:54:03.000000000 +0200
+++ traceroute-2.0.15/traceroute/traceroute.c 2011-01-25 11:43:20.000000000
+0100
@@ -566,9 +566,14 @@
ops = tr_get_module (module);
if (!ops) ex_error ("Unknown traceroute module %s", module);
+#if 0
+ /* Remove test in order to allow file capabilities management.
+ * The use of Linux specific "cap_net_raw" is sufficient.
+ */
if (!ops->user && geteuid () != 0)
ex_error ("The specified type of tracerouting "
"is allowed for superuser only");
+#endif
if (!first_hop || first_hop > max_hops)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
