On Wed, Sep 05, 2012 at 03:56:28PM +0200, Nikola Pajkovsky wrote:
> Vitezslav Samel <vitezslav(a)samel.cz> writes:
>
> > On Wed, Sep 05, 2012 at 03:31:05PM +0200, Nikola Pajkovsky wrote:
> >> Vitezslav Samel <vitezslav(a)samel.cz> writes:
> >>
> >> > On Tue, Sep 04, 2012 at 04:22:23PM +0200, Nikola Pajkovsky wrote:
> >> >> Signed-off-by: Nikola Pajkovsky <npajkovs(a)redhat.com>
> >> >> ---
> >> >> src/iptraf.c | 44 +++++++++++++++++++++++++++++++++++++++++---
> >> >> 1 file changed, 41 insertions(+), 3 deletions(-)
> >> >
> >> > Seems like changing location of PID file from the command line
> >> > will be added later?
> >>
> >> it won't be added at all. Tell me, why it is useful to run iptraf-ng
> >> --pid /tmp/x and iptraf-ng /tmp/xx? Seems to me like nice tool to knock
> >> down system.
> >>
> >> while (1)
> >> iptraf-ng --pid /dev/random
> >
> > This way of thinking doesn't help. If you are root you can shoot
> > yourself (your machine) millions other ways.
> >
> > This option helps in case you want your pid files in eg. /run
> > directory or maybe in subdirectory of /var/run. And in case we get rid
> > of geteuid() != 0 check in main() when running under non-root user but
> > with the proper capabilities (CAP_NET_ADMIN, ...).
>
> and why not to have it in build time? some distribution can (don't know and
> don't care) setuid, and patch it like
>
> #ifndef SETUID
>     if (geteuid() != 0)
>         die("This program can be run only by the system administrator");
> #endif
>
> similar patch comes from debian.

But this doesn't solve the case you have SETUID and you don't want to
use it (or leave the decision on the user), but rather use capabilities
under non-root user. The correct way is to check the right capabilities
on start or check the return value of socket(PF_PACKET, SOCK_RAW, ...).

> #ifndef IPTRAF_PIDFILE
> #define IPTRAF_PIDFILE "/var/run/iptraf-ng.pid"
> #endif
>
> BASIC_CFLAGS += IPTRAF_PIDFILE=boo-hoo
>
> what I will do is add comment in Makefile

I'm OK with it.
Vita
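
The second approach named in the reply above, checking the return value of socket(PF_PACKET, SOCK_RAW, ...) rather than geteuid(), written out as an added example; it is not code from this thread or from iptraf-ng. The enum and function names are assumptions, and the privilege rule in the comment is the one Linux documents in packet(7): effective UID 0 or CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum priv_status { PRIV_OK, PRIV_DENIED, PRIV_ERROR };

/* Pure mapping from a socket() outcome to a decision, so the policy
 * can be tested without holding any particular privilege. */
enum priv_status classify_socket_result(int fd, int err)
{
	if (fd >= 0)
		return PRIV_OK;
	/* packet(7): denied unless euid 0 or CAP_NET_RAW is held. */
	if (err == EPERM || err == EACCES)
		return PRIV_DENIED;
	return PRIV_ERROR;	/* e.g. EAFNOSUPPORT, EMFILE, ENOMEM */
}

/* Hypothetical helper (name is an assumption): attempt the privileged
 * operation itself instead of guessing from the user id. */
enum priv_status probe_packet_socket(int *saved_errno)
{
	int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
	int err = (fd < 0) ? errno : 0;

	if (fd >= 0)
		close(fd);
	if (saved_errno)
		*saved_errno = err;
	return classify_socket_result(fd, err);
}

int main(void)
{
	int err;
	switch (probe_packet_socket(&err)) {
	case PRIV_OK:
		puts("packet socket available");
		return 0;
	case PRIV_DENIED:
		fputs("need root or CAP_NET_RAW to capture packets\n", stderr);
		return 1;
	default:
		errno = err;
		perror("socket(PF_PACKET)");
		return 1;
	}
}
```

A root process that has had CAP_NET_RAW dropped (for example inside a container) is reported as denied here, which a geteuid() test would miss.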