问题
I've to write an application on Linux that has the requirement to talk with a device with custom Ethernet type. There are many solutions even in SO how to write such an application. A drawback is that for this root access is needed (AFAIK). Releasing the root rights afterwards could be an option, but it raises the problem that the program is developed in an IDE, which I don't like to run as root. In my special case the main application is written in Python which would mean to give root access to the whole Python interpreter. I'm looking into possible alternatives. E.g.
Writing a tiny UDP/TCP server that redirects every raw packet over TCP/UDP. This could be written in Python as well. Only this tiny application needs root rights.
Using socat for redirection, unfortunately I'm unable to find an option to only care about one Ethernet type on not get overflowed by IP packets.
Any other ideas?
回答1:
I think you only need to be root, or have CAP_NET_RAW, to open the socket. Once the socket is open, you can be any user you like.
So have either:
- A setuid helper program which opens a raw socket, binds it (if necessary), then drops its root privileges and exec's your main program, keeping the socket open and passing the file descriptor number somehow (command line? Environment variable?)
A setuid helper which will pass an open file descriptor using another mechanism (e.g. unix socket)
A root-owned daemon which passes such an open socket descriptor to other programs upon request
来源:https://stackoverflow.com/questions/16701821/send-receiving-raw-ethernet-frames