[Nfd-dev] NFD Ethernet faces and PrivilegeHelper

Davide Pesavento davide.pesavento at lip6.fr
Tue Mar 27 20:32:44 PDT 2018


On Tue, Mar 27, 2018 at 10:50 PM, Junxiao Shi
<shijunxiao at email.arizona.edu> wrote:
>> > In NFD source code I notice that a setsockopt call in UDP multicast face
>> > creation is elevated to root, but there isn't a runElevated wrapper around
>> > pcap_activate.
>>
>> I have no idea if pcap_activate is the only function call that
>> requires root privileges in the EthernetTransport implementation. I
>> have personally never tested non-root scenarios, and the current code
>> was written with the assumption that it's running as root.
>>
>> Wrapping pcap_activate in runElevated may or may not be enough. You
>> can try and open a ticket or submit a patch if it works.
>
> Error message identifies pcap_activate as the troublemaker. Even if
> elevating privilege only at this function works now, another version of
> libpcap could have a different internal implementation that requires root in
> another function.

I don't think so. libpcap values backward compatibility a lot; this
won't change overnight.

In any case, it doesn't matter which setup function(s) is/are
privileged, we can execute the whole initialization procedure with
elevated privileges and drop them afterwards. The important thing is
figuring out whether sending/receiving packets on an open pcap handle
requires root or not.

>>
>> > NDN testbed router seems to be able to create Ethernet faces with no
>> > problem, but they have disabled privilege dropping altogether.
>> >
>> > What's the recommended method to enable Ethernet faces for a PPA package
>> > deployment? Am I supposed to disable privilege dropping as well? If so,
>> > should this be configured in PPA's nfd.conf?
>>
>> I don't know about the PPA's configuration file, but the original
>> nfd.conf.sample says that for Ethernet faces you either need to be
>> root or set the appropriate file capabilities on the nfd binary.
>
> PPA’s nfd.conf drops privilege to ndn:ndn. Are you suggesting PPA should do
> ‘setcap’, or not drop privileges at all?

I'm not suggesting anything, just adding more info.

Davide
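
The pattern discussed in this message (run the whole initialization procedure elevated, then drop), sketched as an added example that is not part of the original message and is not NFD's PrivilegeHelper code. The names `Ids`, `dropOrDie` and `withElevatedInit` are hypothetical, and `/dev/null` stands in for the handle opened during setup; it does not answer whether an open pcap handle still works after the drop.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <system_error>
#include <fcntl.h>
#include <unistd.h>

struct Ids { uid_t uid; gid_t gid; };  // hypothetical type, not from NFD

// Return to the unprivileged ids, or terminate: never keep running elevated.
static void dropOrDie(const Ids& normal)
{
  // gid first, while the privileged euid still permits it; then uid.
  if (setegid(normal.gid) != 0 || seteuid(normal.uid) != 0 ||
      getegid() != normal.gid || geteuid() != normal.uid) {
    std::perror("privilege drop failed");
    std::abort();
  }
}

// Run the whole setup callback elevated and drop on every exit path.
template<typename Init>
auto withElevatedInit(const Ids& priv, const Ids& normal, Init init) -> decltype(init())
{
  if (seteuid(priv.uid) != 0)
    throw std::system_error(errno, std::generic_category(), "seteuid");
  if (setegid(priv.gid) != 0) {
    const int err = errno;
    dropOrDie(normal);  // uid was already raised, undo it before reporting
    throw std::system_error(err, std::generic_category(), "setegid");
  }
  try {
    auto handle = init();  // every privileged setup call goes in here
    dropOrDie(normal);
    return handle;
  } catch (...) {
    dropOrDie(normal);     // a failed setup must not leave the process elevated
    throw;
  }
}

int main()
{
  // Constructed demo: both id pairs are the current ones, so it runs unprivileged.
  const Ids self{geteuid(), getegid()};
  int fd = withElevatedInit(self, self, [] { return open("/dev/null", O_WRONLY); });
  const bool ok = fd >= 0 && write(fd, "x", 1) == 1;  // handle used after the drop
  return ok ? 0 : 1;
}
```

In a real deployment `priv` would be the ids the daemon started with and `normal` the unprivileged account it drops to.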

