Message-ID: <20080603080529.GA9010@lapse.madduck.net>
Date:	Tue, 3 Jun 2008 10:05:29 +0200
From:	martin f krafft <madduck@...duck.net>
To:	netdev discussion list <netdev@...r.kernel.org>
Cc:	netconf developers list <netconf-devel@...ts.alioth.debian.org>
Subject: non-root, non-real network manipulation for netconf testing

Dear networking wizards,

This is a bit of a self-reflexive mail, but I hope some of you might
have some input...

In writing netconf[0], we are having a bit of a problem with the
test suite, since many of netconf's operations require root rights
(e.g. interface manipulation with /bin/ip). In addition, a test
suite manipulating the network configuration of the running machine
is not really something I feel comfortable with.

0. http://netconf.alioth.debian.org

So I am trying to come up with alternative plans, of which there are
three:

1. do not fail tests that need root rights when run as non-root
2. set up a VDE network (which still requires root rights)
3. write a mock /bin/ip which pretends to be doing what it'd be doing

None of these three is satisfactory. (1) provides incomplete test
coverage unless run by root, which is not going to be done very
often, (2) can be combined with (1) but still puts the host machine
in danger of losing connectivity, and (3) just sounds terrible,
especially when other stuff, like dhclient or wpa_supplicant, comes
into play.

Of course, I am asking a bit much, but maybe you guys have some
input that could help us move along?

What I really want is some context handler that can emulate
a complete network and process stack for my test scripts, let
a normal user modify anything they want, but not touch anything on
the actual system. Sort of like database transactions. I think I may
be out of luck though, no?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
"you don't sew with a fork, so I see no reason
 to eat with knitting needles."
                               -- miss piggy, on eating chinese food
 
spamtraps: madduck.bogus@...duck.net
