forwarded 611073 traceroute-de...@lists.sourceforge.net thanks Hi,
this is a forward of a bug report that a user just made, repeating from http://bugs.debian.org/611073 ---snip--- The upstream source contains a hardcoded test that makes it impossible to use file capabilities (libcap2) with traceroute, i.e., the use of '-I' is checked against superuser accesss. A simple removal of a single test makes the setting of "cap_net_raw" sufficient to use this mechanism. Upstream might be moved into providing this possibilility, enhanced by improved messages at the time of socket creation. Please consider the implications of this change, whether it be applicable or desireable. --- traceroute-2.0.15/traceroute/traceroute.c.orig 2010-07-14 15:54:03.000000000 +0200 +++ traceroute-2.0.15/traceroute/traceroute.c 2011-01-25 11:43:20.000000000 +0100 @@ -566,9 +566,14 @@ ops = tr_get_module (module); if (!ops) ex_error ("Unknown traceroute module %s", module); +#if 0 + /* Remove test in order to allow file capabilities management. + * The use of Linux specific "cap_net_raw" is sufficient. + */ if (!ops->user && geteuid () != 0) ex_error ("The specified type of tracerouting " "is allowed for superuser only"); +#endif if (!first_hop || first_hop > max_hops) ---snap--- Regards, Daniel -- Address: Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: daniel.baum...@progress-technologies.net Internet: http://people.progress-technologies.net/~daniel.baumann/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
