Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Creating raw socket in Python without root privileges

Tags:

python

linux

sockets

raw-sockets

Is it possible to create a raw socket without root privileges? If not, can a script elevate its privileges itself?

I wrote a Python script using a raw socket:

#!/usr/bin/env python

import socket
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
print "Worked!"

Running it with root privileges prints Worked!. However, it gives an error when run with normal user privileges.

I want to execute my script as a normal user, and it should create a raw socket without asking for anything. Is it possible?

like image 891
ρss Avatar asked Dec 24 '13 15:12

ρss

People also ask

Why do raw sockets require root privileges?

In short raw sockets is restricted to root because if it otherwise it would break other rules for networking that are in place. A long standing rule is that you cannot bind on a port lower than 1024 without root's blessing. With raw sockets you can simulate a server on any port.

Is socket listen blocking Python?

All socket methods are blocking. For example, when it reads from a socket or writes to it the program can't do anything else. One possible solution is to delegate working with clients to separate threads.

What is raw socket Python?

Raw socket is a layer 2 python library for communication using the MAC addresses only. This allows you to create a custom made Ethernet/WiFi communication system which is not using IP nor TCP/UDP or to debug custom frames such as SERCOS III, Profibus, ARP, PTP, ...

2 Answers

As you noted raw sockets require higher privilege than a regular user have. You can circumvent this issue in two ways:

  1. Activating the SUID bit for the file with a command like chmod +s file and set its owner to root with chown root.root file. This will run your script as root, regardless of the effective user that executed it. Of course this could be dangerous if your script has some flaw.
  2. Setting the CAP_NET_RAW capability on the given file with a command like setcap cap_net_raw+ep file. This will give it only the privileges required to open a raw socket and nothing else.

EDIT:

As pointed out by @Netch the given solutions will not work with any interpreted language (like Python). You will need some "hack" to make it work. Try googling for "Python SUID", you should find something.

like image 66
smeso Avatar answered Sep 21 '22 12:09

smeso

There is not a way for an unprivileged process (Python or otherwise) to elevate their own privileges. It's kind of the cornerstone of having this whole privileged/unprivileged users thinga-ma-jig. In regards to raw sockets, from manual page raw(7):

Only processes with an effective user ID of 0 or the CAP_NET_RAW capability are allowed to open raw sockets.

User ID of 0 means root. See here for info about raw sockets on linux.

As pointed out in Faust's answer/comments you won't be able to directly set the CAP_NET_RAW capability for your python program, due to it being a script that gets executed by the Python interpreter, but there may be solutions out on the web that can get around this limitation.

like image 25
mshildt Avatar answered Sep 18 '22 12:09

mshildt
Sign in to Comment

Related questions

Python: Sort custom class without use of `key` argument?
Python nested scopes with dynamic features
Cython: Nesting a union within a struct
Where can I check tornado's log file?
compare two variables in jinja2 template
pickle cython class
OpenCV Python calcOpticalFlowFarneback
args and kwargs in django views
How / Where to download Pylab for Python 2.7 on Win32?
How to execute a Javascript function in python with selenium
syntax error on nonlocal statement in Python
How do I use pymongo to connect to an existing document collection/db?
How to compute "EMD" for 2 numpy arrays i.e "histogram" using opencv?
Matplotlib.animation: how to remove white margin
flask unit test: how to test request from logged in user
copy command with psycopg2 library
Animation using matplotlib with subplots and ArtistAnimation
Sqlalchemy session.refresh does not refresh object
"pip install SQLAlchemy" Results in "fatal error: Python.h: No such file or directory"
Python: What does *= mean?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!