Red Hat Bugzilla – Bug 589770
libnet tests uid instead of posix capabilities
Last modified: 2010-07-09 17:22:22 EDT
Description of problem:
The suricata IDS system wants to change uid while retaining the CAP_NET_RAW capability. Libnet errors out saying that uid 0 is required. Checking for uid 0 is just a simple way of testing for capabilities. It should check the capability rather than uid.
Version-Release number of selected component (if applicable):
Created attachment 412165
patch attempting to fix the problem
This patch necessitates adding "BuildRequires: libcap-ng-devel" and putting "autoreconf -fv --install" before configure.
I've forwarded the patch to upstream. If upstream accepts the patch, I'll
apply it for Fedora.
Steve, upstream told me: "There's an alternate fix for this on the head, simply
not checking, and erroring out if we can't open the socket. Can you check that
works for you?" -> http://github.com/sam-github/libnet
Is upstream's solution solving the issue for you? And if not, why exactly?
I did not test the new code, but I reviewed this patch:
It appears to solve the problem. I suppose pushing that into rawhide would be helpful. Thanks.
Package: libnet-1.1.4-4.fc14 Tag: dist-f14 Status: complete Built by: robert
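The uid test this bug describes, a capability test, and the try-the-socket approach quoted from upstream, side by side as an added C example; it is not libnet's code and not the attached patch. The helper names and the sample status excerpts are constructed for illustration, and the example reads CapEff from /proc rather than using libcap-ng so that it builds without extra libraries.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts, not captured from a real host. */
const char SAMPLE_DROPPED[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n";
const char SAMPLE_PLAIN[]   = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";

/* The check the bug report objects to: only uid 0 passes. */
int uid_check_allows(uid_t euid) { return euid == 0; }

/* 1 if CAP_NET_RAW is in the effective set, 0 if not, -1 if no CapEff line. */
int status_has_net_raw(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    if (p == NULL) return -1;
    return (int)((strtoull(p + 7, NULL, 16) >> NET_RAW_BIT) & 1ULL);
}

/* The approach quoted from upstream: no pre-check, report the socket() error. */
int open_raw_socket(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    return fd >= 0 ? fd : -errno;
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
    }
    int fd = open_raw_socket();
    printf("euid=%d uid-check=%d CAP_NET_RAW=%d raw-socket=%s\n", (int)geteuid(),
           uid_check_allows(geteuid()), status_has_net_raw(buf),
           fd >= 0 ? "opened" : strerror(-fd));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

For SAMPLE_DROPPED, a process that changed uid but kept CAP_NET_RAW, the uid test refuses while the capability test passes, which is the mismatch reported here.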