[PATCH] traceroute: delete the verification of root user

Henrique de Moraes Holschuh henrique at nic.br
Sat Mar 1 15:11:57 UTC 2025


On 01/03/2025 09:38, tito wrote:
> couldn't you check if the capability is available?

Why?  It is just as problematic as the euid() == 0 test.  One could be
root without CAP_NET_RAW.  One could be non-root with CAP_NET_RAW.  One
could be constrained by any other kernel-side policy...

Instead, I recommend that you don't assume you cannot (or can) send packets.

Try to open (and if you want/need to, connect()) the socket, and if that
succeeds, try to send the packets.  Should you get EPERM or EACCES back
on any of those syscalls, you report that you don't have permission to
send RAW packets.

Maybe you will also need to cover more errors than just EPERM and
EACCES, but the idea that "don't assume you cannot do it, try and report
errors instead" still holds.

You could differentiate socket() and connect() as "cannot create raw
socket", and send()/sendto()/write() as "cannot send raw packets", for
better user experience.

Please remember to handle EPERM results as "permission denied": Linux
can return EPERM for send()/sendto() due to local firewall rules in many
cases.  socket() may return EPERM in several operating systems (maybe
also Linux), etc.


Suggestions:

(for EACCES, EPERM on socket(), connect()):
"cannot open raw socket: permission denied.  You might need root or
CAP_NET_RAW for this to work".

and

(for EPERM, EACCES on sendto()/send()/write()):
"cannot send packet: permission denied.  You might need root or
CAP_NET_RAW for this to work.  Also check local firewall rules"


-- 
Henrique de Moraes Holschuh
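
The approach recommended in the message above, as an added example that is not part of the original post and is not BusyBox's traceroute code: no geteuid() or capability check is made first, the syscalls are simply attempted, and EPERM/EACCES are reported per stage. The names `raw_stage`, `raw_strerror` and `raw_probe`, the use of one ICMP echo request as the probe, and Linux's `struct icmphdr` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/ip_icmp.h>
#include <sys/socket.h>

enum raw_stage { RAW_OPEN, RAW_SEND };  /* hypothetical names */

/* EPERM and EACCES both mean "permission denied"; anything else uses strerror(). */
const char *raw_strerror(enum raw_stage stage, int err)
{
    if (err != EPERM && err != EACCES)
        return strerror(err);
    if (stage == RAW_OPEN)
        return "cannot open raw socket: permission denied.  You might need "
               "root or CAP_NET_RAW for this to work";
    return "cannot send packet: permission denied.  You might need root or "
           "CAP_NET_RAW for this to work.  Also check local firewall rules";
}

/* Attempt socket() then sendto(); return NULL on success, else the diagnostic. */
const char *raw_probe(const char *ipv4)
{
    struct sockaddr_in dst = { .sin_family = AF_INET };
    struct icmphdr pkt = { .type = ICMP_ECHO };
    const char *msg = NULL;
    int fd;
    if (inet_pton(AF_INET, ipv4, &dst.sin_addr) != 1)
        return "bad IPv4 address";
    /* Only the type field is non-zero, so the checksum is ~0x0800. */
    pkt.checksum = htons((uint16_t)~(ICMP_ECHO << 8));
    fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0)
        return raw_strerror(RAW_OPEN, errno);
    if (sendto(fd, &pkt, sizeof(pkt), 0,
               (struct sockaddr *)&dst, sizeof(dst)) < 0)
        msg = raw_strerror(RAW_SEND, errno);  /* errno read before close() */
    close(fd);
    return msg;
}

int main(int argc, char **argv)
{
    const char *msg = raw_probe(argc > 1 ? argv[1] : "127.0.0.1");
    if (msg) fprintf(stderr, "traceroute: %s\n", msg);
    return msg != NULL;
}
```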

