Posted by: dragorn
Subject: Capability Dropping Compiling Question?
Date: 18:12:36 23/09/2009

> I am getting this output when ./configure - ing.
> Capability Dropping: no
> I am running ubuntu 9.04 and for the life of me cannot find out what "pre-reqs" are needed to enable everything.
> Everything else is enabled :) Just this last feature I was hoping to get running since it's a pretty big security concern.

I should be a little clearer in the docs...

For capability dropping, you need libcap (and therefore, libcap-dev most likely, depending on what your distro calls it).

Capability dropping happens on top of suid dropping. You'll still get privsep in suid mode, even if you don't have capability dropping. Capdrop uses the Linux kernel capabilities control to dump some additional privs from the root binary, which should make it even more secure since it won't be able to do a bunch of stuff root normally can.

Having it is good, but not entirely vital, in other words.
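An added illustration of the kernel mechanism described in the post above (not part of the original post and not the project's own code): a process narrows its capability sets to a keep-mask and then confirms the kernel refuses to hand a dropped capability back. The CAP_NET_ADMIN/CAP_NET_RAW keep-set and all function names are assumptions, and the raw capget/capset syscalls stand in for libcap so the file builds without libcap-dev.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Read this thread's capability sets (version 3 uses two 32-bit words). */
static int caps_get(struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &h, d);
}

/* Effective set as one 64-bit mask, or UINT64_MAX on error. */
uint64_t caps_effective(void) {
    struct __user_cap_data_struct d[2];
    if (caps_get(d) != 0) return UINT64_MAX;
    return ((uint64_t)d[1].effective << 32) | d[0].effective;
}

/* Keep only capabilities in `keep`; clear the inheritable set. 0 on success. */
int caps_restrict(uint64_t keep) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (caps_get(d) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        uint32_t k = (uint32_t)(keep >> (32 * i));
        d[i].permitted &= k;   /* once cleared here, it cannot be re-added */
        d[i].effective &= k;
        d[i].inheritable = 0;
    }
    return (int)syscall(SYS_capset, &h, d);
}

/* Ask for `cap` back: 1 if the kernel allowed it, 0 if denied, -1 on error. */
int caps_can_regain(int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (caps_get(d) != 0) return -1;
    d[cap / 32].permitted |= 1u << (cap % 32);
    d[cap / 32].effective |= 1u << (cap % 32);
    return syscall(SYS_capset, &h, d) == 0;
}

int main(void) {
    uint64_t keep = (1ULL << CAP_NET_ADMIN) | (1ULL << CAP_NET_RAW); /* assumed keep-set */
    if (caps_restrict(keep) != 0) { perror("capset"); return 1; }
    printf("effective=%016llx regain CAP_SYS_ADMIN=%d\n",
           (unsigned long long)caps_effective(), caps_can_regain(CAP_SYS_ADMIN));
    return 0;
}
```

Run as root, the effective mask afterwards contains at most the two kept bits; run unprivileged, it is already empty, and in both cases the regain attempt is denied.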


