3. Make mtr-packet a setuid-root binary.
The mtr-packet binary can be made setuid-root, which is what "make install"
-does by default.
+does only if using setcap (above) fails. Using setcap is tried first.
When mtr-packet is installed as suid-root, some concern over security is
justified. mtr-packet does the following two things after it is launched:
ICMP packets.
* mtr-packet drops root privileges by setting the effective uid to
match uid or the user calling mtr.
+* If capabilities support is available, mtr-packet drops all privileged
+ capabilities.
See main() in packet.c and init_net_state_privileged() in probe_unix.c
for the details of this process.
projects / thirdparty / mtr.git / blobdiff