SUMMARY: why traceroute can only be run by root?

From: Carlos Carvalho (carlos@snfep1.if.usp.br)
Date: Mon Apr 26 1993 - 16:49:22 CDT


Well, I've got lots of answers, looks like an easy question.

The outcome is that traceroute needs access to /dev/nit, which is
available only to root, for security reasons. That's because it works
by sending packets with special values of the time-to-live parameter,
and to construct them it's necessary to have access to the raw
protocol, which is a root priviledge.

It should thus be made suid root if others want to use it. Notice that
this is the same for ping.

Thanks to all who responded:

Timothy G. Smith <tgsmith@Sun.COM>
Jim Lick <jim@pi-chan.ucsb.edu>
Casper Dik <casper@fwi.uva.nl>
nelson.fernandez@att.com
Dan Schlitt <dan@ees1s0.engr.ccny.cuny.edu>
Christopher Hoover <ch@lks.csi.com>
<Piete.Brooks@cl.cam.ac.uk>
Steve Simmons <scs@lokkur.dexter.mi.us>
Pekka.Nikander@ajk.tele.fi
trinkle@cs.purdue.edu (Daniel Trinkle)
lf@gsc.ele.puc-rio.br (Luis Fernando V. Gomes)

Carlos



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:07:46 CDT