Wireshark · Ethereal-dev: Re: [Ethereal-dev] Running Ethereal as an unprivileged user

[Guy Harris <guy@xxxxxxxxxxxx>]

On Sep 10, 2003, at 3:40 PM, Richard Urwin wrote:

> Here is a C program that demonstrates using Linux (POSIX.1e)
> capabilities to run as a normal user but keeping certain privilages.
>
> It runs, as can be seen below, under a standard MDK9.1 kernel. In fact
> it should work under any kernel from 2.2.19 onward.

Yes, but is there some way of achieving this *without* adding code to 
the application?

E.g., can a user be given the CAP_NET_RAW and CAP_NET_ADMIN 
capabilities (although I think CAP_NET_ADMIN gives capabilities not 
needed - too bad there's no 
CAP_NET_JUST_ENUMERATE_THE_DAMN_NETWORK_INTERFACES or something such as 
that; do you need CAP_NET_ADMIN to use "getifaddrs()" on those Linuxes 
that have it?), as part of the appropriate capability sets, in such a 
way that their login processes get them and either

	1) all programs

or

	2) all programs with those capabilities

get them in their "effective capabilities" set?

Your test program appears to be running with an effective UID of root; 
it'd be nice if Ethereal/Tethereal/tcpdump/etc. didn't have to be run 
with an effective UID of root at all (not even if they give it up as 
soon as they get the appropriate capabilities).

> I propose that we add this functionality into Ethereal, when built on
> Linux, and when libcap and the kernel headers are available.

Should it go there, or should it go in libpcap, so that *all* libpcap 
applications work that way?