[Ns-developers] How to Handle Suid Root in Ns-3

Mathieu Lacage mathieu.lacage at sophia.inria.fr
Mon Jul 21 11:28:53 PDT 2008


On Mon, 2008-07-21 at 11:07 -0700, craigdo at ee.washington.edu wrote:
> Hi all,
> 
> I have a situation in the emulation work I'm doing for ns-3 where at least
> some of my code (devices) will need to have permission to access packet and
> raw sockets in Cygwin/Unix/OSX/Linux.
> 
> The brute force and awkwardness approach is to do ns-3 development as root.
> Not a good option.
> 
> A slightly less offensive approach is to setuid on the scripts that you
> build which will need permissions.  This has the annoying step of requiring
> a setuid after each build; and leaves giant ns-3 scripts around that are
> suid root.
> 
> One suggestion is to have a separate process around that can read and write
> raw sockets, but this seems to be a gargantuan security hole on any system
> running such a process.

Well, in the end, we need to make ns-3 read and write raw sockets,
right? So, it seems hard to avoid doing that. What would be nice is
making sure that ns-3 cannot do anything _but_ that privileged
operation, and, if you wanted to do this, you could use a suid program
to open raw sockets for you and hand you the file descriptor once it is
created with a unix domain socket (see SCM_RIGHTS in "man 7 unix") and
sendmsg/recvmsg.

> I'm not a security expert by any stretch of the imagination, so I'm asking
> for suggestions or opinions, especially from security-aware types: How would
> you handle the requirement for permissions on net-devices in ns-3?

It would help a lot to know precisely the set of privileged operations
you need to be able to do. Is it really just about opening raw and
packet sockets?

Mathieu
