eCap adapter to have root privileges

Asked by Ruchika on 2014-05-05

Hello,

icmp_sock = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);

The above command is from Squid, where it works. But if I run the same command in my eCap adapter, I get an error:
EPERM (Operation not permitted).

Since I get this error only in the case of the eCap adapter, I thought I could ask you about it.

I am running Squid as root, and the Squid and eCAP adapter executables have root as owner.

Cheers.

Question information

Language: English
Status: Solved
For: eCAP
Assignee: No assignee
Solved by: Ruchika
Solved: 2014-05-06
Last query: 2014-05-06
Last reply:
Ruchika (ruchika-nayyar) said : #1

I was able to solve this problem. I was not running my code correctly.

Alex Rousskov (rousskov) said : #2

Good question. I am updating this for others' benefit even though you know the answer already. Please feel free to post your code/configuration that solved the problem for you.

eCAP adapters are at the mercy of the host application when it comes to privileged access. For example:

* If the host application runs as root, the adapter runs as root. Most servers and proxies will not run as root by default.

* If the host application was started as root and has not abandoned its privileges completely, the adapter can enable those privileges. A good adapter will only do so temporarily, during a single eCAP method call, to avoid exposing the host application to root access dangers.

* If the host application was started as root but has irreversibly abandoned its privileges, the adapter code cannot gain root access.
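
The three cases above, applied to the raw ICMP socket from the question, as an added example that is not part of the original thread and is neither Squid nor eCAP code. The helper name `open_icmp_socket` and the `priv_case` enum are assumptions made for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Which of the three cases from the answer applied to this call. */
enum priv_case { ALREADY_ROOT, RAISED_TEMPORARILY, NO_ROOT_AVAILABLE };

/* Hypothetical helper (name is an assumption): open the raw ICMP socket
 * from the question, holding root only around the socket() call.
 * *fd receives the descriptor or -1; *err the errno of the failing call. */
enum priv_case open_icmp_socket(int *fd, int *err)
{
    uid_t old_euid = geteuid();
    enum priv_case which = ALREADY_ROOT;

    *fd = -1;
    if (old_euid != 0) {
        /* Works only while the process still has a real or saved UID
         * of 0 (or CAP_SETUID); otherwise root is gone for good. */
        if (seteuid(0) != 0) {
            *err = errno;
            return NO_ROOT_AVAILABLE;
        }
        which = RAISED_TEMPORARILY;
    }

    *fd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
    *err = (*fd < 0) ? errno : 0;

    /* Drop back at once; if that fails, stop rather than stay root. */
    if (which == RAISED_TEMPORARILY && seteuid(old_euid) != 0)
        abort();
    return which;
}

int main(void)
{
    static const char *names[] = { "already root", "raised temporarily",
                                   "no root available" };
    int fd, err;
    enum priv_case which = open_icmp_socket(&fd, &err);

    printf("case: %s, fd: %d, errno: %d\n", names[which], fd, err);
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```

On Linux with glibc, `seteuid()` changes the effective UID of every thread in the process, so the raised window should contain nothing but the privileged call.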