Confirmed, thanks!

Doug

On Wed, Nov 14, 2012 at 10:43 AM, Daniel Borkmann <[email protected]> wrote:
> On Wed, Nov 14, 2012 at 5:45 AM, Doug Burks <[email protected]> wrote:
>> The INSTALL file says:
>>
>> In order to run the toolkit as a normal user, set the following privilege
>> separation after the build/installation:
>> $ sudo setcap cap_net_raw,cap_ipc_lock,cap_net_admin=eip {toolname}
>>
>> So I ran the following:
>> sudo setcap cap_net_raw,cap_ipc_lock,cap_net_admin=eip /usr/sbin/netsniff-ng
>>
>> I'm then able to sniff as a non-root user using something like:
>> netsniff-ng -i eth0
>>
>> However, if I try to write to disk using something like:
>> netsniff-ng -i eth0 -o /tmp
>>
>> I get the following error:
>> Failed to set io prio for pid!
>>
>> I see that there is a priority option (which I haven't enabled):
>> -H|--prio-high Make this high priority process
>>
>> Does netsniff-ng try to change the priority by default when writing to disk?
>>
>> Is this a bug, or do I need to alter my setcap command?
>
> Thanks for reporting. Fixed as well upstream. It should have been:
>
> $ sudo setcap cap_net_raw,cap_ipc_lock,cap_sys_admin,cap_net_admin=eip {toolname}
>
> ... since i.e. netsniff-ng also sets the disc I/O scheduler policy.

--
Doug Burks
http://securityonion.blogspot.com
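
An added example, not part of the thread or of netsniff-ng: a shell function that takes one line of getcap output for the binary and reports which capabilities from the corrected setcap line are not granted as effective and permitted. The function name, the REQUIRED variable and the sample getcap lines are constructed for illustration, and the binary path is assumed to contain no spaces.

```shell
#!/bin/sh
# Capabilities from the corrected setcap line in the thread.
REQUIRED="cap_net_raw cap_ipc_lock cap_sys_admin cap_net_admin"

# missing_caps LINE (hypothetical helper)
# LINE is one line of getcap output. Prints the REQUIRED capabilities that are
# not granted with both the effective (e) and permitted (p) flags.
missing_caps() {
    spec=${1#* }        # drop the path (assumes it contains no spaces)
    spec=${spec#= }     # older libcap prints "path = caps+eip"
    granted=""
    for clause in $spec; do
        # Skip anything that is not a "names<op>flags" clause.
        case $clause in *[+=]*) ;; *) continue ;; esac
        flags=${clause##*[+=]}
        names=${clause%[+=]*}
        case $flags in *e*) ;; *) continue ;; esac
        case $flags in *p*) ;; *) continue ;; esac
        old_ifs=$IFS; IFS=,
        for n in $names; do granted="$granted $n"; done
        IFS=$old_ifs
    done
    missing=""
    for r in $REQUIRED; do
        case " $granted " in
            *" $r "*) ;;
            *) missing="${missing:+$missing }$r" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample lines (not captured output), in both getcap styles.
BEFORE='/usr/sbin/netsniff-ng = cap_net_admin,cap_net_raw,cap_ipc_lock+eip'
AFTER='/usr/sbin/netsniff-ng cap_net_admin,cap_net_raw,cap_ipc_lock,cap_sys_admin=eip'

echo "before fix, missing: $(missing_caps "$BEFORE")"
echo "after fix, missing:  $(missing_caps "$AFTER")"
```

To check an installed binary, pass the function the output of `getcap /usr/sbin/netsniff-ng`. cap_sys_admin permits far more than changing I/O priority, so it is worth auditing which binaries on a sensor carry it.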
