Why does SO_BINDTODEVICE require root? - Networking
This is a discussion on Why does SO_BINDTODEVICE require root? - Networking ; Hi,
Why does SO_BINDTODEVICE require root?
This dooms a whole class of applications to run (at least in part) as root
and seems to have an overall security reducing effect, so what's the reason
for making it root only?
Thanks
...
-
Why does SO_BINDTODEVICE require root?
Hi,
Why does SO_BINDTODEVICE require root?
This dooms a whole class of applications to run (at least in part) as root
and seems to have an overall security reducing effect, so what's the reason
for making it root only?
Thanks
Jim
-
Re: Why does SO_BINDTODEVICE require root?
On Oct 7, 11:33*pm, "Jim Talbut" wrote:
> Why does SO_BINDTODEVICE require root?
Because it sends packets in the wrong direction.
> This dooms a whole class of applications to run (at least in part) as root
> and seems to have an overall security reducing effect, so what's the reason
> for making it root only?
What class of applications would that be?
DS
-
Re: Why does SO_BINDTODEVICE require root?
"David Schwartz" wrote in message
news:659199c1-0e1a-4fd9-a7b9-96121e3dac2e@f37g2000pri.googlegroups.com...
> On Oct 7, 11:33 pm, "Jim Talbut" wrote:
> > Why does SO_BINDTODEVICE require root?
> Because it sends packets in the wrong direction.
?
BINDTODEVICE stops a socket from interacting with any device except the
bound one - why does this involve sending packets in the wrong direction?
In my particular case the socket involved won't be sending any packets at
all - it's strictly a listener.
> > This dooms a whole class of applications to run (at least in part) as
> > root
> > and seems to have an overall security reducing effect, so what's the
> > reason
> > for making it root only?
> What class of applications would that be?
Those that receive broadcast packets from machines without IP addresses and
want to respond to them.
It might sound a bit specific, but DHCP servers can't be the only ones in
this class (though that is my specific problem).
Jim
-
Re: Why does SO_BINDTODEVICE require root?
On Oct 8, 11:57*am, "Jim Talbut" wrote:
> BINDTODEVICE stops a socket from interacting with any device except the
> bound one - why does this involve sending packets in the wrong direction?
> In my particular case the socket involved won't be sending any packets at
> all - it's strictly a listener.
Then why not bind to the address? Why bind to the device?
> > > This dooms a whole class of applications to run (at least in part) as
> > > root
> > > and seems to have an overall security reducing effect, so what's the
> > > reason
> > > for making it root only?
> > What class of applications would that be?
> Those that receive broadcast packets from machines without IP addresses and
> want to respond to them.
> It might sound a bit specific, but DHCP servers can't be the only ones in
> this class (though that is my specific problem).
The problem is not with SO_BINDTODEVICE, it's with the fact that there
is no generic, unprivileged way to interact with a device other than
by address or to track which device a packet was received on.
SO_BINDTODEVICE is a hack to cover the fact that there is no sensible
interface.
Unprivileged applications are assumed not to be interested in the
specifics of how their traffic gets to its destination because there
is no API to let them do so.
It would be the same if you wanted to implement TCP yourself on a
machine that didn't have a TCP implementation. You would need low-
level access only 'root' would be allowed because nobody installed/
developer/activated the high-level access.
DS
