On 04/03/14 11:39, Elazar Leibovich wrote: > You can add capability of raw socket to the executable, hence run as > non-root. > > Since what you're asking means potentially send illegal (unrouteable) > IP packets, I guess that indeed the kernel will require special > privileges to enable you to do that. > > As I said, you can mitigate that with capabilities, or use the old > method of start as root, bind socket and drop privileges, or use a > small server creating such sockets running as root. > > Or (very very slightly) modify the source of "privbind", a project that started due to someone asking a question on this very mailing list.
Shachar http://sourceforge.net/projects/privbind/
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
