[Olsr-dev] including wifi stats in jsoninfo
Sat Jun 9 22:23:42 CEST 2012
On 09-06-12 22:21, Henning Rogge wrote:
> On Sat, Jun 9, 2012 at 9:23 PM, Henning Rogge <(spam-protected)> wrote:
>> On Sat, Jun 9, 2012 at 7:19 PM, Hans-Christoph Steiner
>> <(spam-protected)> wrote:
> >>> It is entirely clear to me that olsrd currently runs as a single process with root privileges. I was describing how I think olsrd should work, not how it does work. Having a single process running as root is bad form when this process only needs root access for very few things. Separating things based on what privileges are needed is what sshd does, for example, and many other daemons.
>>> It would be nice to even use a non-privileged port, so that root is only ever needed for accessing the routing tables. Then for changing the routing table, there would be a tiny chunk of code running as root with a very simple, limited protocol. Then everything else including plugins would run as a very unprivileged user.
> >> I wonder if we can do better in the new framework. OLSRd uses a
>> permanent rtnetlink socket to set the routing tables, does someone
>> know if the capabilities of the process are checked for each netlink
>> command or just when the socket is opened?
>> This won't solve the problem to add a protocol UDP socket for new
>> interfaces (where we most likely need CAP_NETADMIN), but it would be a
> >> step in the right direction.
> Just looked at the kernel source, the CAP_NETADMIN is checked for each
> incoming netlink message in the kernel.
ok, so a netlink socket requires special privileges all the time :-(
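
The "tiny chunk of code running as root with a very simple, limited protocol" proposed in this thread could look like the following added example, which is not olsrd code and not from any poster here. It shows the helper side only: one fixed-size IPv4 route request arrives as a datagram from the unprivileged daemon and is validated before any rtnetlink request would be built. Every name in it (`route_req`, `validate_route_req`, `helper_serve_one`, the `OP_*`/`REQ_*` codes) and the wire format itself are assumptions made for illustration.

```c
/* Added example (not olsrd code): request format and validation for a
 * hypothetical root helper. All names here are made up for illustration. */
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

enum { OP_ADD = 1, OP_DEL = 2 };
enum { REQ_OK = 0, REQ_BAD_LEN = -1, REQ_BAD_OP = -2, REQ_BAD_PREFIX = -3,
       REQ_BAD_DST = -4, REQ_BAD_IF = -5, REQ_IO = -6 };

struct route_req {        /* IPv4 only, host byte order, 16 bytes */
    uint8_t  op;          /* OP_ADD or OP_DEL */
    uint8_t  prefix_len;  /* 0..32 */
    uint16_t pad;         /* ignored */
    uint32_t dst;         /* destination network */
    uint32_t gw;          /* next hop */
    uint32_t ifindex;     /* outgoing interface, must be non-zero */
};

/* Accept exactly one well-formed request; nothing is copied before the length check. */
int validate_route_req(const void *buf, size_t len, struct route_req *out)
{
    if (len != sizeof(*out)) return REQ_BAD_LEN;
    memcpy(out, buf, sizeof(*out));
    if (out->op != OP_ADD && out->op != OP_DEL) return REQ_BAD_OP;
    if (out->prefix_len > 32) return REQ_BAD_PREFIX;
    uint32_t mask = out->prefix_len ? ~UINT32_C(0) << (32 - out->prefix_len) : 0;
    if (out->dst & ~mask) return REQ_BAD_DST;   /* host bits set */
    if (out->ifindex == 0) return REQ_BAD_IF;
    return REQ_OK;
}

/* Privileged side: read one datagram from the unprivileged daemon, reply with a status. */
int helper_serve_one(int fd)
{
    unsigned char buf[sizeof(struct route_req) + 1];  /* +1 exposes oversized input */
    struct route_req req;
    ssize_t n = recv(fd, buf, sizeof(buf), 0);
    if (n <= 0) return REQ_IO;
    int32_t status = validate_route_req(buf, (size_t)n, &req);
    /* On REQ_OK the helper would build its rtnetlink route request here,
     * using only the validated fields in req. */
    if (send(fd, &status, sizeof(status), 0) != (ssize_t)sizeof(status)) return REQ_IO;
    return status;
}
```

The descriptor passed to `helper_serve_one` is assumed to be one end of a datagram `socketpair()` created before the daemon drops root, so message boundaries are preserved and an oversized request shows up as a wrong length.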