Bug 589770

Summary: libnet tests uid instead of posix capabilities
Product: [Fedora] Fedora
Reporter: Steve Grubb <sgrubb>
Component: libnet
Assignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: gwync, pertusus, redhat-bugzilla
Hardware: All   
OS: Linux   
Fixed In Version: 1.1.4-4
Doc Type: Bug Fix
Last Closed: 2010-07-09 21:22:22 UTC
Attachments:
- patch attempting to fix the problem (flags: none)

Description Steve Grubb 2010-05-06 20:38:10 UTC
Description of problem:
The suricata IDS system wants to change uid while retaining the CAP_NET_RAW capability. Libnet errors out saying that uid 0 is required. Checking for uid 0 is just a simple way of testing for capabilities. It should check the capability rather than uid.

Version-Release number of selected component (if applicable):
1.1.4-3

Comment 1 Steve Grubb 2010-05-06 20:43:00 UTC
Created attachment 412165
patch attempting to fix the problem

This patch necessitates adding "BuildRequires: libcap-ng-devel" and putting "autoreconf -fv --install" before configure.

Comment 2 Robert Scheck 2010-05-06 21:02:37 UTC
I've forwarded the patch to upstream. If upstream accepts the patch, I'll
apply it for Fedora.

Comment 3 Robert Scheck 2010-05-09 14:00:41 UTC
Steve, upstream told me: "There's an alternate fix for this on the head, simply 
not checking, and erroring out if we can't open the socket. Can you check that 
works for you?" -> http://github.com/sam-github/libnet 

Is upstream's solution solving the issue for you? And if not, why exactly?

Comment 4 Steve Grubb 2010-05-14 14:47:52 UTC
I did not test the new code, but I reviewed this patch:

http://github.com/sam-github/libnet/commit/671742244c20804c9e935326e3649dac3382f17a

It appears to solve the problem. I suppose pushing that into rawhide would be helpful. Thanks.
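
Added example, not part of the original bug thread and not libnet's or upstream's code: it contrasts the uid gate from the description with a CAP_NET_RAW check and with the no-pre-check approach upstream describes in comment 3. The function names, the `/proc` status parsing (used here instead of libcap-ng to avoid a dependency) and both sample status texts are assumptions constructed for illustration; the uid-0-without-capability case goes beyond what the thread discusses.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */
/* Constructed samples of /proc/<pid>/status text (not taken from the bug report). */
static const char SAMPLE_DROPPED[] =    /* non-root, kept only CAP_NET_RAW */
    "Name:\tids\nUid:\t990\t990\t990\t990\nCapEff:\t0000000000002000\n";
static const char SAMPLE_ROOT_NOCAP[] = /* uid 0, CAP_NET_RAW removed */
    "Name:\ttool\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80405fb\n";

/* The uid gate the report objects to: passes only for euid 0. */
static int uid_check(unsigned euid) { return euid == 0; }

/* Capability gate: 1 if CAP_NET_RAW is effective, 0 if not, -1 if CapEff is missing. */
static int has_net_raw(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    char *end;
    if (p == NULL) return -1;
    p += strlen("CapEff:");
    unsigned long long mask = strtoull(p, &end, 16);
    if (end == p) return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* No pre-check at all: attempt the operation, return 0 or the errno it failed with. */
static int try_raw_socket(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void)
{
    char buf[4096] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    printf("uid gate=%d CapEff gate=%d socket errno=%d (read %zu bytes)\n",
           uid_check((unsigned)geteuid()), has_net_raw(buf), try_raw_socket(), n);
    return 0;
}
```

On the first sample the uid gate refuses a process that the kernel would allow to open a raw socket; on the second it admits one the kernel would refuse, which is why attempting the socket and reporting its errno is the most reliable of the three.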

Comment 5 Robert Scheck 2010-07-09 21:22:22 UTC
Package: libnet-1.1.4-4.fc14 Tag: dist-f14 Status: complete Built by: robert