Package: traceroute Version: 1:2.0.15-1 Severity: wishlist The upstream source contains a hardcoded test that makes it impossible to use file capabilities (libcap2) with traceroute, i.e., the use of '-I' is checked against superuser accesss.
A simple removal of a single test makes the setting of "cap_net_raw" sufficient to use this mechanism. Upstream might be moved into providing this possibilility, enhanced by improved messages at the time of socket creation. Please consider the implications of this change, whether it be applicable or desireable. Regards, Mats Erik Andersson, DM --- traceroute-2.0.15/traceroute/traceroute.c.orig 2010-07-14 15:54:03.000000000 +0200 +++ traceroute-2.0.15/traceroute/traceroute.c 2011-01-25 11:43:20.000000000 +0100 @@ -566,9 +566,14 @@ ops = tr_get_module (module); if (!ops) ex_error ("Unknown traceroute module %s", module); +#if 0 + /* Remove test in order to allow file capabilities management. + * The use of Linux specific "cap_net_raw" is sufficient. + */ if (!ops->user && geteuid () != 0) ex_error ("The specified type of tracerouting " "is allowed for superuser only"); +#endif if (!first_hop || first_hop > max_hops) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org