Re: GTK setuid problem

From: Robert Pearce <rob bdt-home demon co uk>
To: gtk-list gnome org
Subject: Re: GTK setuid problem
Date: Tue, 20 Apr 2010 18:53:40 +0100

On Tue, 20 Apr 2010 08:42:52 -0400 Paul Davis wrote:
> On Tue, Apr 20, 2010 at 3:22 AM, robin <robinpv iwavesystems com> wrote:
> 
> >     s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
> 
> regular users can't do this on most (all?) linux systems. this is a
> highly priviledged operation, and its not a suprise that a regular
> user can't do this.

Just to be clear, since Robin didn't say anything about why he's doing
exactly that:
Opening a socket _AT THIS LOW A LEVEL_ is a highly
privileged operation. Unless the application is a net sniffer or
similarly evil hacker tool, you won't need it. So to my mind, without
knowing what Robin's application is, it seems likely that the correct
fix is either:
1) Only allow root to use it. After all, it's a dangerous tool
or
2) Fix the socket instantiation so that it doesn't need such privileges.

Cheers,
Rob

References:
- GTK setuid problem
  - From: robin
- GTK setuid problem
  - From: robin
- Re: GTK setuid problem
  - From: Robert Pearce
- Re: GTK setuid problem
  - From: robin
- Re: GTK setuid problem
  - From: Paul Davis

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]