Kismet Wireless

Kismet Forums


Posted by:dragorn
Subject:Capability dropping
Date:17:45:42 13/08/2009

> What does having capability dropping allow kismet to do?

Drop capabilities not needed (capabilities as defined by the linux kernel, as in process privileges) from the component that must still run as root.

In other words, it makes Kismet more secure - firstly because it starts as a user and runs a process with very limited communications channels for what it needs to do as root, and secondly because for the component that must run as root, it drops all capabilities it doesn't need, which means if there WAS a security vulnerability, the chances of it being useful are reduced.

Of course, all this goes out the window if your distro / you just run it as root.


Reply to this message