On Thursday 10 June 2004 10:12, Gilad Ben-Yossef wrote:
> On Wednesday 09 June 2004 18:52, Shachar Shemesh wrote:
> > Hi all,
> >
> > I'm trying to provide a library call that will run a ping to a server.
> > The catch is that it needs to be done as a non-root user, and I would
> > like to avoid any solution that involves any SUID or root running
> > processes beyond what is already there. That leaves me, pretty much,
> > "ping".
>
> Actually, not quite. You don't need to be root, you need your process to
> have the CAP_NET_RAW capability. This is not quite one and the same. You
> can start root and drop all privileges except the needed CAP_NET_RAW or
> even better - you can have a wrapper that starts as root, drops all
> unneeded caps and then execs the original program.
>
I thought of it, and actually if you already start as root and lose privileges, you can just as well open an ICMP socket and leave it open and just use this for all ICMP requests later. More secure and simpler.

Cheers,
Gilad

--
Gilad ben-Yossef <[EMAIL PROTECTED]>
Codefidence. A name you can trust(TM)
http://www.codefidence.com
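
The approach described in the reply above (open the ICMP socket while still root, then drop privileges and keep using the open descriptor), as an added example that is not part of the original message. The function names and the unprivileged uid/gid 65534 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if this process may currently create a raw ICMP socket. */
int can_open_raw_icmp(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/*
 * Open the ICMP socket while still privileged, then permanently switch to
 * an unprivileged uid/gid (caller-chosen; 65534 in main() is an assumption).
 * Returns the socket fd, -1 if the socket could not be opened, or -2 if
 * privileges could not be dropped (the socket is closed again in that case).
 */
int open_icmp_then_drop(uid_t uid, gid_t gid)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0)
        return -1;
    /* Order matters: supplementary groups, then gid, and the uid last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0 ||
        setuid(0) == 0 /* getting root back must fail */) {
        close(fd);
        return -2;
    }
    return fd;
}

int main(void)
{
    int fd = open_icmp_then_drop(65534, 65534);
    if (fd < 0) {
        fprintf(stderr, "failed (%d): start this as root\n", fd);
        return 1;
    }
    printf("uid=%d fd=%d new raw socket allowed=%d\n", (int)geteuid(), fd, can_open_raw_icmp());
    return 0;
}
```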
