Hi Sukchan and friends,
the installation instructions recommend changing the permissions of /dev/net/tun,
which can be dangerous as it gives permissions to potentially many other processes.
There are several better alternatives to this:
1) give CAP_NET_ADMIN permission to the pgw binary:
Simply execute "setcap cap_net_admin=ep /usr/local/bin/nextepc-pgwd"
and then you can run the process as 'nextepc' user, like the other processes.
The sad part about this is that nextepc-pgwd now has the power to reconfigure
anything about Linux networking. The best approach would be to drop those
capabilities after creating/configuring the tun devices using
prctl(PR_CAPBSET_DROP, CAP_NET_ADMIN) - this way it is ensured that
after start-up, no capabilities survive, and even if somebody manages
to get code execution in the PGW, it is not a privilege escalation.
2) create the tun devices *before* starting the P-GW, and then start the
PGW as non-root. We offer this method in OsmoGGSN, see Section 8.3
of http://ftp.osmocom.org/docs/latest/osmoggsn-usermanual.pdf
This can even be done with systemd now.
I suggest to first change the documentation to recommend the setcap
approach, and then later to adopt privilege dropping or another
approach.
Regards,
Harald
--
- Harald Welte <laforge@gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
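
The start-up sequence proposed in option 1 of the message above, as an added C example (not code from the post or from NextEPC): create the tun device while CAP_NET_ADMIN is still held, then give the capability up. Because PR_CAPBSET_DROP needs CAP_SETPCAP and only narrows the bounding set, the sketch also clears the capability from the process's own sets with capset(2) and sets no_new_privs; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>
#include <linux/if.h>
#include <linux/if_tun.h>

/* Create/attach a TUN interface: the only step that needs CAP_NET_ADMIN. */
int tun_open(const char *name)
{
    struct ifreq ifr;
    int fd = open("/dev/net/tun", O_RDWR);
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof(ifr));
    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
    strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
    if (ioctl(fd, TUNSETIFF, &ifr) < 0) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if cap is in the effective set, 0 if not, -1 on error. */
int cap_is_effective(int cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) < 0) return -1;
    return (d[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) ? 1 : 0;
}

/* Call once all tun devices are configured. Returns 0 on success. */
int drop_net_admin(void)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    int i = CAP_TO_INDEX(CAP_NET_ADMIN);
    /* Bounding set: EPERM is expected when started via setcap without CAP_SETPCAP. */
    if (prctl(PR_CAPBSET_DROP, CAP_NET_ADMIN, 0, 0, 0) < 0 && errno != EPERM)
        return -1;
    if (syscall(SYS_capget, &h, d) < 0) return -1;
    d[i].effective   &= ~CAP_TO_MASK(CAP_NET_ADMIN);
    d[i].permitted   &= ~CAP_TO_MASK(CAP_NET_ADMIN);
    d[i].inheritable &= ~CAP_TO_MASK(CAP_NET_ADMIN);
    if (syscall(SYS_capset, &h, d) < 0) return -1;
    /* A later execve() of a setcap/setuid binary must not regain privileges. */
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}
```

The already-open tun file descriptor stays usable for packet I/O after the drop; only further network reconfiguration is refused.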