I know that PF_PACKET-family sockets require root privilege,
but I don’t know how that is configured on Linux.
Does anyone know how? Is it hard-coded in the kernel directly?
It used to be the case that it was just hard-coded in the kernel.
But starting with version 2.2, Linux has introduced capabilities (see http://linux.die.net/man/7/capabilities) and the kernel now checks for the CAP_NET_RAW capability – see net/packet/af_packet.c.
The root user is still assumed to have all capabilities. Although keep in mind that with virtualization and multiple containers, there can be multiple distinct root users – so even the check for root is a bit more complicated nowadays than just checking uid==0 – see security/commoncap.c.