On 28-Dec-1999 Tomi Manninen OH2BNS wrote:
> On Tue, 28 Dec 1999, Dirk Koopman wrote:
>
>> I would like to hear the reasons why this feature is "root only",
>> especially
>> bearing in mind that computers running ax25 should be amateur use only.
>
> Amateur use only? Why?
This isn't the point. I do packet commercially (with some success) I wouldn't
volunterily use the ax25 stack because commercial packet radio has moved on
quite a way and ax25 simply isn't appropriate (nor approved of [commercially]
in EU) anymore. The world has moved on.
Please would you answer the question? Why does it _actually_ need root
privileges for ax25 protocol traffic? We are talking here about something
which, whatever you do, is insecure. Anybody can program a TNC to be any
callsign. Anybody can monitor anything using a TNC. Why does linux have to be
different?
One of the difficulties I face is persuading people that linux is better than
dos, they can do more, more easily and reliably. Instead, because of the
artificial distinctions that the ax25 kernel writers have made, it requires a
larger leap of understanding for most hams to get into linux packet radio
than, frankly, is truly necessary. They would rather mess about with what
even John would regard as alphaish, beta code and use bpq32 under Win98 than
swop to linux.
>> For the record, I too would like to be able to both receive and generate
>> UI frames from programs that are non-root. This is going to become an
>> issue
>> during the course of the year with my DXSpider cluster program.
>
> Generating UI frames as non-root is easy, just use a datagram socket.
> Receiving should be just as easy but I haven't tested. Of course you are
> then restricted to your own source call.
>
Which is exactly the point, it isn't. I want to implement a UI based DX
Cluster protocol so that, finally, we can move on a bit, reduce some
bandwidth and maybe even achieve some experimentation. In order to do that I
need to be able to send UI frames from my callsign to any address, listen for
UI frames from any address, to any address and process the ones I am
interested in (only a few of which will be addressed to me) and maybe (for
experimental purposes) relay some frames from one interface to another.
A good way to start this off would be to use another pid. However, I can't see
a way to use a specific pid on my UI frame without using a raw socket; there
doesn't seem to be a mechanism to handle pid specific traffic. There is no
concept of setting SO_BROADCAST on the socket. In fact there is no way AFAIK
to set a pid in any of the sockaddr structures available. So even 'normal'
things that you can do for IP, as a user, in this area are impossible.
In the meantime, whilst I will put up with process running as root to provide
an interface (very reluctantly, as I am moving away from that model now as it
tends to proliferate processes, use unnecessary memory as well being another
potential security hole that needs watching), the main cluster process does
_NOT_ (and will _NOT_) run as root.
I am just in the process of trying to see how this might be achieved by
studying the user_process stuff, but should you have any code available
(whether run by root or not) that can short circuit my learning the hard way,
it would be appreciated.
Dirk G1TLH
--
Dirk-Jan Koopman, Tobit Computer Co Ltd
At the source of every error which is blamed on the computer you will find
at least two human errors, including the error of blaming it on the computer.
