[Simh] simh and tap device under linux

David Holland david.w.holland at gmail.com
Tue Aug 25 14:29:43 EDT 2009


On Tue, Aug 25, 2009 at 1:53 PM, Shoppa, Tim<tshoppa at wmata.com> wrote:

>
> What adjustments are possible in a typical Unix/Linux system that allows pcap to work usefully yet doesn't give root access?

I don't believe any of the other methods are terribly portable, and
both would still require code modifications.....

capabilities(7), and CAP_NET_ADMIN (for Linux)
privileges(5), and PRIV_NET_RAWACCESS (for Solaris)

- I think -

<shrug> Nothing portable that I know of.....

IIRC, tcpdump/wireshark calls pcap_open_live() then calls
setuid()/seteuid() to drop its own privileges before it does much
else.

>
> I know some proposed running simh inside a VM inside the real computer, with the VM having better ability to turn on network access at the per socket level and providing the security against messing up the "real" machine. But I get confused enough by simh inside a real computer, never mind the VM level.
>

Yup, that starts down a hole that involves the sacrifice of many many
chickens. Eventually you run out of chickens and quit worrying
about it. :-)

> Tim.
>
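The open-then-drop sequence mentioned in the reply above, sketched for Linux as an added example that is not part of the original message and is not code from tcpdump, Wireshark or simh. Assumptions: a raw AF_PACKET socket stands in for pcap_open_live(), the binary is installed setuid-root and drops to the invoking user, and the function names open_capture_socket and drop_privileges are hypothetical.

```c
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>

/* Stand-in for pcap_open_live() (assumption): a raw AF_PACKET socket,
 * which needs root or CAP_NET_RAW to create. */
int open_capture_socket(void)
{
    return socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
}

/* Permanently drop to uid/gid. Returns 0 only if the drop is verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                  /* "dropping" to root drops nothing */
    /* Order matters: groups and gid first, while root may still change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the ids really changed and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    int fd = open_capture_socket(); /* privileged step, done first */
    if (fd < 0)
        perror("socket(AF_PACKET)"); /* expected when started unprivileged */
    /* Real uid/gid are the invoking user's when the binary is setuid-root. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d, capture fd=%d\n", (int)getuid(), fd);
    /* Packet processing would happen here, unprivileged, using fd. */
    if (fd >= 0)
        close(fd);
    return 0;
}
```

The already-open descriptor stays usable after the drop, which is why the privileged open has to come first; started directly as root, the program refuses to continue because there is no unprivileged real uid to drop to.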


