Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Why root permissions required for creating of RAW Socket
Top Forums UNIX for Advanced & Expert Users Why root permissions required for creating of RAW Socket Post 302311090 by Corona688 on Monday 27th of April 2009 11:46:27 PM
Old 04-28-2009
Quote:
Originally Posted by anilgurwara
I don't buy your thought...
Well, good for you... Unfortunately it even says so in the 'raw' manpage:
Code:
Only processes with an effective user ID of 0 or the CAP_NET_RAW  capability are allowed to open raw sockets.

Raw access is needed by protocols, which are generally a part of the kernel, not usermode things.
Quote:
There must be some way out to create raw sockets without having root login.
You can't even send ICMP packets without root. If there was a better way they wouldn't need to have a setuid bit on ping. Which would be one way to get root when you need it, setuid bits. or sudo.
Last edited by Corona688; 04-28-2009 at 12:54 AM..
 

9 More Discussions You Might Find Interesting

1. Programming

RAW socket and CONFIG_FILTER

Hi, Im doin a project on DHCp client-server setup. i have to use RAW sockets in the code for this. The call PF_PACKET, SOCK_RAW as the first two arguments. The code compiles but when i try to start the Dhcp client, I get an error saying "Make sure CONFIG_PACKET and CONFIG_FILTER is enabled". I... (4 Replies)
Discussion started by: yannifan
4 Replies

2. Linux

permissions to su to root

What is the file you have to edit to allow or deny someone to be able to su - to root? (4 Replies)
Discussion started by: BG_JrAdmin
4 Replies

3. HP-UX

Root Permissions

Hi all, I cannot change root owned files/directories even though I am logged in as root. >drwxr-xr-x 11 root root 4096 Oct 25 14:00 prodbkp >root / # chown oracle prodbkp prodbkp: Not owner >id uid=0(root) gid=3(sys) groups=0(root) please assist. thanks (0 Replies)
Discussion started by: macgre_r
0 Replies

4. IP Networking

Changing the source IP?? using RAW Socket.

Hi There, Suppoose we have configured logical Interface 2.2.2.2 on a server with Primary IP 1.1.1.1. Now when I am sending a packet from this server, is it possible to make receiver assume that this packet has come from IP 2.2.2.2 and not 1.1.1.1 I think it is possibl using RAW sockets??? but... (1 Reply)
Discussion started by: Ankit_Jain
1 Replies

5. Programming

creating socket()

deleted (7 Replies)
Discussion started by: satish@123
7 Replies

6. UNIX for Dummies Questions & Answers

Creating a File system with required permissions for all DIR's created in

Hello All, I am application admin. I need to clear all the temporary files cleared by the applications. I need help/suggestion that is there any way to create a file system such that every Dir created in by any user will have 775 permissions. So, that i can simply clear the temporary file which... (6 Replies)
Discussion started by: firestar
6 Replies

7. Shell Programming and Scripting

Help required for creating script.

I want to create a shell script which should be doing following things .. i have the commands but do not know how to tie them up together. 1. . Go to a pre-defined directory and look for a specific pattern txt files like abc12* and select the latest file with abc12* ls |awk '{if($NF... (4 Replies)
Discussion started by: fugitive
4 Replies

8. Programming

Raw Socket Programming - Efficient Packet Sniffer

Hi, I have the requirement to sniff packets from the Ethernet card on my Linux machine and process it and feed it to a RANAP protocol stack. So far I have written the raw packet sniffer and successfully sniffing packets and do little processing. However, for huge number of packets ... (9 Replies)
Discussion started by: rstnsrr
9 Replies

9. Solaris

Installing TCP-MUX protocol socket help required.

I been looking for a good guide or some help on how to install and setup TCP-MUX protocol socket on my Solaris 7 servers. Can anyone point me in right direction of help me ? Thanks (5 Replies)
Discussion started by: Wpgn
5 Replies

LEARN ABOUT OPENDARWIN

icmp

ICMP(4) 						   BSD Kernel Interfaces Manual 						   ICMP(4)

NAME

     icmp -- Internet Control Message Protocol

SYNOPSIS

     #include <sys/socket.h>
     #include <netinet/in.h>

     int
     socket(AF_INET, SOCK_RAW, proto);

DESCRIPTION

     ICMP is the error and control message protocol used by IP and the Internet protocol family.  It may be accessed through a ``raw socket'' for
     network monitoring and diagnostic functions.  The proto parameter to the socket call to create an ICMP socket is obtained from
     getprotobyname(3).  ICMP sockets are connectionless, and are normally used with the sendto and recvfrom calls, though the connect(2) call may
     also be used to fix the destination for future packets (in which case the read(2) or recv(2) and write(2) or send(2) system calls may be
     used).

     Outgoing packets automatically have an IP header prepended to them (based on the destination address).  Incoming packets are received with
     the IP header and options intact.

   Non-privileged ICMP
     ICMP sockets can be opened with the SOCK_DGRAM socket type without requiring root privileges. The synopsis is the following:

     socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP)

     This can be used by non root privileged processes to send ICMP echo requests to gauge the quality of the connectivity to a host, to receive
     ICMP destination unreachable message for path MTU discovery, or to receveive time exceeded message for traceroute.

     Datagram oriented ICMP sockets offer a subset of the functionality available to raw ICMP sockets. Only IMCP request messages of the following
     types can be sent: ICMP_ECHO, ICMP_TSTAMP or ICMP_MASKREQ.  The code field must be the value zero (0).  The minimal length of an ICMP message
     request is eight (8) octets.

     The following IP level option can be used with datagram oriented ICMP sockets:

	 IP_OPTIONS
	 IP_HDRINCL
	 IP_TOS
	 IP_TTL
	 IP_RECVOPTS
	 IP_RECVRETOPTS
	 IP_RECVDSTADDR
	 IP_RETOPTS
	 IP_MULTICAST_IF
	 IP_MULTICAST_TTL
	 IP_MULTICAST_LOOP
	 IP_ADD_MEMBERSHIP
	 IP_DROP_MEMBERSHIP
	 IP_MULTICAST_VIF
	 IP_PORTRANGE
	 IP_RECVIF
	 IP_IPSEC_POLICY
	 IP_STRIPHDR

     When the IP option IP_HDRINCL is used, the provided IP header must obey the following rules:

	 ip_v	    Must be IPVERSION (4);
	 ip_hl	    Between 5 and 10 (inclusive);
	 ip_tos     Any value;
	 ip_len     Must be the total length of IP datagram (IP header + ICMP message);
	 ip_id	    Must be zero, will be automatically set;
	 ip_off     Must be zero, will be automatically set;
	 ip_ttl     Any value;
	 ip_p	    Must be IPPROTO_IP;
	 ip_sum     Value ignored, will be automatically set;
	 ip_src     Must be an IP address currently assigned to one of the local interface or INADDR_ANY;
	 ip_dst     Any address;
	 ip_opts    Any option.

     The maximum length of a IMCP message that can be sent is controlled by the sysctl variable net.inet.raw.maxdgram.

DIAGNOSTICS

     A socket operation may fail with one of the following errors returned:

     [EISCONN]	      when trying to establish a connection on a socket which already has one, or when trying to send a datagram with the destina-
		      tion address specified and the socket is already connected;

     [ENOTCONN]       when trying to send a datagram, but no destination address is specified, and the socket hasn't been connected;

     [ENOBUFS]	      when the system runs out of memory for an internal data structure;

     [EADDRNOTAVAIL]  when an attempt is made to create a socket with a network address for which no network interface exists;

     [EINVAL]	      when an invalid value is used with IMCP datagram socket for a field of the IP or ICMP header.

SEE ALSO

     send(2), recv(2), intro(4), inet(4), ip(4)

HISTORY

     The icmp protocol appeared in 4.3BSD.

4.3 Berkeley Distribution					   June 19, 2002					 4.3 Berkeley Distribution
All times are GMT -4. The time now is 07:01 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy