author | Thomas Habets <thomas@habets.pp.se> | 2010-05-03 22:41:25 +0200 |
---|---|---|
committer | Thomas Habets <thomas@habets.pp.se> | 2010-05-03 23:03:04 +0200 |
commit | 62f1f99d0fd639602667981b1d451f6ee9806415 (patch) | |
tree | d25b37068260e680018343db68384e82e949dc75 /README | |
parent | df36995363d6b92d635d353a55ba4b51ce004b5a (diff) | |
download | arping-62f1f99d0fd639602667981b1d451f6ee9806415.tar.gz |
Don't fail if not uid 0. We may have capabilities anyway, so try to go on
Diffstat (limited to 'README')
-rw-r--r-- | README | 13 |
1 files changed, 9 insertions, 4 deletions
@@ -191,13 +191,18 @@ A: Be my guest, but if care about security *at all* you will have to restrict a network debugging tool, which generates low-level network packets that ordinary users have absolutely no business generating. - For example, I don't protect against an ALRM signal flood, which will result - in a packet flood. (arping 2.x doesn't have this issue) - If you are honestly debugging the network then I don't see why you aren't root already. - If you think I'm wrong, tell me why. + That being said, on Linux you can add the CAP_NET_RAW capability to arping + limiting the damage if arping were to be compromised: + sudo setcap cap_net_raw+ep /usr/local/sbin/arping + This requires a libnet which does not explicitly check for uid 0. The + current version of libnet does check this, so unless you patch it it will + not help. + + Patch: + http://github.com/ThomasHabets/libnet/commit/aaa383b5c816107082508b7646929a9479b81645 --- Q: What's this -A switch all about, I don't understand it. |
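Review bot: The added setcap paragraph in this README answer does not say who can run the binary afterwards. With cap_net_raw+ep set on /usr/local/sbin/arping, every local user who can execute the file gains raw packet generation, which the unchanged lines at the top of the same answer say ordinary users have no business doing. Suggest adding a sentence telling the admin to restrict execute permission on the binary to a group of trusted users. Two smaller points in the same paragraph: "The current version of libnet" should name the version it refers to so the caveat does not go stale, and the path in the setcap line depends on the install prefix, so a short "adjust to where arping is installed" would help.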