Bug 589770 - libnet tests uid instead of posix capabilities
libnet tests uid instead of posix capabilities
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libnet (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Robert Scheck
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-06 16:38 EDT by Steve Grubb
Modified: 2010-07-09 17:22 EDT (History)
3 users (show)

See Also:
Fixed In Version: 1.1.4-4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-09 17:22:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch attempting to fix the problem (2.82 KB, patch)
2010-05-06 16:43 EDT, Steve Grubb
no flags Details | Diff

  None (edit)
Description Steve Grubb 2010-05-06 16:38:10 EDT
Description of problem:
The suricata IDS system wants to change uid while retaining the CAP_NET_RAW capability. Libnet errors out saying that uid 0 is required. Checking for uid 0 is just a simple way of testing for capabilities. It should check the capability rather than uid.

Version-Release number of selected component (if applicable):
1.1.4-3
Comment 1 Steve Grubb 2010-05-06 16:43:00 EDT
Created attachment 412165 [details]
patch attempting to fix the problem

This patch necessitates adding "BuildRequires: libcap-ng-devel" and putting "autoreconf -fv --install" before configure.
Comment 2 Robert Scheck 2010-05-06 17:02:37 EDT
I've forwarded the patch to upstream. If upstream accepts the patch, I'll
apply it for Fedora.
Comment 3 Robert Scheck 2010-05-09 10:00:41 EDT
Steve, upstream told me: "There's an alternate fix for this on the head, simply 
not checking, and erroring out if we can't open the socket. Can you check that 
works for you?" -> http://github.com/sam-github/libnet 

Is upstream's solution solving the issue for you? And if not, why exactly?
Comment 4 Steve Grubb 2010-05-14 10:47:52 EDT
I did not test the new code, but I reviewed this patch:

http://github.com/sam-github/libnet/commit/671742244c20804c9e935326e3649dac3382f17a

It appears to solve the problem. I suppose pushing that into rawhide would be helpful. Thanks.
Comment 5 Robert Scheck 2010-07-09 17:22:22 EDT
Package: libnet-1.1.4-4.fc14 Tag: dist-f14 Status: complete Built by: robert

Note You need to log in before you can comment on or make changes to this bug.