
In order to get around the 'problem' of applications requiring root privileges to run, I'm using:

# Both capabilities must be granted in a single call: each setcap invocation
# replaces the file's whole capability set, so two separate calls would leave
# only the second capability (CAP_NET_RAW) on the binary.
sudo setcap cap_net_admin,cap_net_raw+ep "$(readlink -f /usr/sbin/app)"

to be able to use the required raw net functionality (in this case so python can use SOCK_RAW) without having to use sudo. What are the security implications of doing this in a customer-facing environment? Could this be abused in an unforeseen way?

This is running on an Ubuntu server.


1 Answer

Capabilities are described in the capabilities(7) manpage.

To summarize, security-wise:

  • CAP_NET_RAW: Any kind of packet can be forged, which includes faking senders, sending malformed packets, etc. This also allows binding to any address (combined with the ability to fake a sender, this allows impersonating a device; legitimately used for "transparent proxying" as per the manpage, but from an attacker's point of view this term is a synonym for man-in-the-middle).

  • CAP_NET_ADMIN: Basically no restriction in controlling the network interfaces, which includes not only the network card itself (modifying the network configuration, switching the card into promiscuous mode to capture traffic, etc.) but also firewalling (don't miss this one!) and routing tables (allows routing traffic through a malicious host).
