All geek questions in one place

Opening RAW sockets on Linux without using superuser

I need to write a ping function to work on Linux. The language is C ++, so C is great too.

Searching the Internet and searching for the source code for the ping command, it turns out that I have to create a raw socket:

 icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

If I run my application without root, the socket function returns -1 , i.e. The socket was not created successfully. If I run it as root, everything works fine.

Now the ping command creates a raw socket, and I can run it without root privileges .

My question is: how can I give my application all the permissions necessary to create a raw socket that is not executed by the superuser?

+1
source share
2 answers

ping requires cap_net_raw ability to do this without (other) superuser rights, as well as your program. Run

 setcap cap_net_raw+ep your_executable_file

as root, and then ordinary users will be able to use the program.

+6
source

You can make your program a SUID command by granting it root permissions without giving them to the executing user. For an example and explanation see here .

+1
source

Source: https://habr.com/ru/post/987608/

More articles:


All Articles