#3 Allow for capabilities enabled users to run arpon

[Victor "Nate" Graf]

Currenly arpon can only run as root. This is explicitly enforced by a startup ckeck, although with the full introduction of capabilities in kernel 2.6.4, it is possible that a non-root user can have permissions needed to run arpon. Such a user should be allowed to run arpon, and ideally arpon should always be run as a minimally permissioned user to make it a smaller target.

This is especially important in the case of Docker containers on untrusted networks, as because as arpon is currently written it is imporssible to run without making it a privilileged container, which in itself is a huge security hole.

Here are the changes I propose

1. Eliminate the the manual root user check in env.c (possibly replace it with a warning rather than a . With capabilities, it's very possible that a user may not be root, but will have NET_RAW and NET_ADMIN capabilities, and they should be allowed to run arpon.
2. Check procfs entries to see if they are already set correctly before attempting to write to them. This allows a user without permission to write to procfs to run arpon as long as root went in before hand and set the arp settings correctly. This is a simplest way I could think of to avoid giving the container root power over host kernel settings.

With this a non-root, but appropriatly priviliged, user or container can run arpon, improving security further!

Here are the code changes
https://github.com/nategraf/arpon/compare/master...capabilities