[Chilli] ioctl Permission Errors in net.c

Timothy White timwhite88 at gmail.com
Mon Mar 28 10:43:48 UTC 2011


Having run for a few days as root now, I have had no problems at either
site. The question is, what are the security risks of running as root?
Do most people run coova chilli as root, or as its own user?

Thanks

Tim

On Fri, Mar 25, 2011 at 4:21 PM, David Bird <david at coova.com> wrote:
> It is a runtime option to switch users after start. See uid and gid options
>
> http://dev.coova.org/svn/coova-chilli/src/cmdline.ggo
>
> --
>   David
> On Mar 25, 2011, at 4:45 AM, Timothy White <timwhite88 at gmail.com> wrote:
>
> I have an issue that I thought was isolated to a single server with
> coova chilli randomly crashing with error messages. I've since upgraded
> them from 1.2.5 to 1.2.6 and the issues continued. Thinking it might
> be hardware related I just added a cronjob at 5 minute intervals to
> check if chilli is running and restart if not.
> Since then I have another freshly installed server also having the
> same issue. I've checked for IRQ interrupt conflicts and found none
> that I can see.
>
> The errors are as below, and sometimes just happen a few times. Other
> times they repeat a good number of times before chilli shuts down.
>
> Mar 25 11:32:16 HotSpot coova-chilli[3279]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:18 HotSpot coova-chilli[3280]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:43 HotSpot coova-chilli[3281]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:50 HotSpot coova-chilli[3282]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:51 HotSpot coova-chilli[3283]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:33:42 HotSpot coova-chilli[3233]: chilli.c: 5801:
> CoovaChilli shutting down
> Mar 25 11:33:42 HotSpot coova-chilli[3325]: main-script.c: 93: Running
> /etc/chilli/down.sh (105/0)
> Mar 25 11:33:42 HotSpot coova-chilli[3233]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
>
> When it shuts down, those are the last messages in the syslog until the
> cronjob starts it back up again.
>
> Any ideas? The thing that comes to my mind first of all is that the
> thread trying to work on the device (not sure if it's tun0 or eth1) is
> running as chilli and not as root. I believe most of chilli drops root
> privs early on, but a thread/fork/process holds onto root for iptables
> and other things like that?
>
> Is there a compile time option to prevent it dropping privs so I can
> test that theory?
>
> Thanks
>
> Tim
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
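Added example (not part of the original thread and not CoovaChilli code): a small Python triage of the quoted syslog excerpt that undoes the mail wrapping and groups the failed calls by PID, so it is visible which processes logged the SIOCSIFFLAGS failure relative to the PID that logged the shutdown. The function names are hypothetical; the log lines are copied from the message above.

```python
# Added example, not CoovaChilli code; unwrap() and triage() are illustrative names.
import errno
import re
from collections import defaultdict
# Log excerpt copied from the quoted message above, mail quoting and wrapping intact.
QUOTED_LOG = """\
> Mar 25 11:32:16 HotSpot coova-chilli[3279]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:18 HotSpot coova-chilli[3280]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:43 HotSpot coova-chilli[3281]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:50 HotSpot coova-chilli[3282]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:32:51 HotSpot coova-chilli[3283]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
> Mar 25 11:33:42 HotSpot coova-chilli[3233]: chilli.c: 5801:
> CoovaChilli shutting down
> Mar 25 11:33:42 HotSpot coova-chilli[3325]: main-script.c: 93: Running
> /etc/chilli/down.sh (105/0)
> Mar 25 11:33:42 HotSpot coova-chilli[3233]: net.c: 114: 13 (Permission
> denied) ioctl(SIOCSIFFLAGS) failed
"""

STAMP = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"\S+ +\d+ [\d:]+ \S+ coova-chilli\[(?P<pid>\d+)\]: \S+\.c: \d+: (?P<msg>.*)")
ERRNO = re.compile(r"(?P<num>\d+) \([^)]*\) (?P<call>\S+) failed")

def unwrap(text):
    """Strip '> ' quoting and rejoin syslog entries the mail client wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if STAMP.match(line):
            entries.append(line)         # a new syslog entry starts here
        elif line and entries:
            entries[-1] += " " + line    # continuation of a wrapped entry
    return entries

def triage(text):
    """Return (PIDs that logged the shutdown, {pid: [(errno name, call), ...]})."""
    main_pids, failures = set(), defaultdict(list)
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        pid = int(m["pid"])
        if "shutting down" in m["msg"]:
            main_pids.add(pid)
        if e := ERRNO.match(m["msg"]):
            failures[pid].append((errno.errorcode.get(int(e["num"])), e["call"]))
    return main_pids, dict(failures)
```

On this excerpt the failures come from five PIDs (3279 to 3283) other than 3233, the PID that logged the shutdown, plus one from 3233 itself. Matching PIDs alone does not establish which process forked which.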

