Hi all!
On 02.03.25 17:42, tito wrote:
[...]
So the question is what to do with the checks and warnings:
1) do nothing
2) rip out all checks and just let the system throw cryptic error messages
3) follow tradition and continue to warn to educate the user
I think the 3rd option is the most useful in the long run.
BTW: newer versions of traceroute use different techniques to perform the trace,
such as sending UDP packets with increasing TTL (Time-to-Live) values instead
of raw ICMP packets and do not require raw socket access and so users do not
need root permissions.
So if we check for root we can also check for CAP_NET_RAW if needed
or switch to an implementation that doesn't need root.
And who knows which other similar mechanism exist (not only on Linux but on
*BSD or other Unixoid OSs) and/or will exist - what's e.g. with AppArmor (I
never used it actively) and selinux (I never used it actively either)?
Personally I like the hints about needing to be root and similar. Perhaps -
after killing all checks for UID, GID, capabilites - it's
enough to add "are you root?" after a syscall error and errno == EPERM (if
applicable/useful to that one syscall).
And of course for other errno values too ...
Kind regards,
Bernd
--
Bernd Petrovitsch Email : [email protected]
There is NO CLOUD, just other people's computers. - FSFE
LUGA : http://www.luga.at
_______________________________________________
busybox mailing list
[email protected]
https://lists.busybox.net/mailman/listinfo/busybox
