* [Buildroot] Iputils not setting suid root?
@ 2018-01-12 9:29 Einar Jón
2018-01-12 9:50 ` Thomas Petazzoni
0 siblings, 1 reply; 5+ messages in thread
From: Einar Jón @ 2018-01-12 9:29 UTC (permalink / raw)
To: buildroot
Hello,
I just changed my setup from using busybox to using iputils.
Now I can't ping/traceroute6 anymore unless I use sudo. Is that normal?
In my ubuntu the suid bit is set, so I just copied that behaviour, and
that works.
I added the patch below to package/iputils/iputils.mk to set the permissions.
Is there any reason why it's not done?
diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index b20cd12..13e3389 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -69,4 +69,9 @@ define IPUTILS_INSTALL_TARGET_CMDS
$(INSTALL) -D -m 755 $(@D)/traceroute6 $(TARGET_DIR)/bin/traceroute6
endef
+define IPUTILS_PERMISSIONS
+ /bin/ping f 4755 0 0 - - - - -
+ /bin/traceroute6 f 4755 0 0 - - - - -
+endef
+
$(eval $(generic-package))
-------------
[user at arm ~]$ ping google.com
ping: socket: Operation not permitted
ping: socket: Address family not supported by protocol
[user at arm ~]$ ls -l $(which ping)
-rwxr-xr-x 1 root root 47620 Jan 2 12:49 /bin/ping
[user at arm ~]$ sudo chmod u+s /bin/ping
[user at arm ~]$ ping google.com
PING google.com (216.58.212.238) 56(84) bytes of data.
64 bytes from ams16s22-in-f14.1e100.net (216.58.212.238): icmp_seq=1
ttl=55 time=5.57 ms
^C
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] Iputils not setting suid root?
2018-01-12 9:29 [Buildroot] Iputils not setting suid root? Einar Jón
@ 2018-01-12 9:50 ` Thomas Petazzoni
2018-01-12 10:54 ` Einar Jón
0 siblings, 1 reply; 5+ messages in thread
From: Thomas Petazzoni @ 2018-01-12 9:50 UTC (permalink / raw)
To: buildroot
Hello,
On Fri, 12 Jan 2018 10:29:35 +0100, Einar J?n wrote:
> I just changed my setup from using busybox to using iputils.
> Now I can't ping/traceroute6 anymore unless I use sudo. Is that normal?
> In my ubuntu the suid bit is set, so I just copied that behaviour, and
> that works.
>
> I added the patch below to package/iputils/iputils.mk to set the permissions.
> Is there any reason why it's not done?
>
> diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
> index b20cd12..13e3389 100644
> --- a/package/iputils/iputils.mk
> +++ b/package/iputils/iputils.mk
> @@ -69,4 +69,9 @@ define IPUTILS_INSTALL_TARGET_CMDS
> $(INSTALL) -D -m 755 $(@D)/traceroute6 $(TARGET_DIR)/bin/traceroute6
> endef
>
> +define IPUTILS_PERMISSIONS
> + /bin/ping f 4755 0 0 - - - - -
> + /bin/traceroute6 f 4755 0 0 - - - - -
> +endef
> +
> $(eval $(generic-package))
That's a bug. Could you submit a proper patch that fixes this ?
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] Iputils not setting suid root?
2018-01-12 9:50 ` Thomas Petazzoni
@ 2018-01-12 10:54 ` Einar Jón
2018-01-12 10:57 ` Thomas Petazzoni
0 siblings, 1 reply; 5+ messages in thread
From: Einar Jón @ 2018-01-12 10:54 UTC (permalink / raw)
To: buildroot
OK
On 12 January 2018 at 10:50, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Fri, 12 Jan 2018 10:29:35 +0100, Einar J?n wrote:
>
>> I just changed my setup from using busybox to using iputils.
>> Now I can't ping/traceroute6 anymore unless I use sudo. Is that normal?
>> In my ubuntu the suid bit is set, so I just copied that behaviour, and
>> that works.
>>
>> I added the patch below to package/iputils/iputils.mk to set the permissions.
>> Is there any reason why it's not done?
>>
>> diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
>> index b20cd12..13e3389 100644
>> --- a/package/iputils/iputils.mk
>> +++ b/package/iputils/iputils.mk
>> @@ -69,4 +69,9 @@ define IPUTILS_INSTALL_TARGET_CMDS
>> $(INSTALL) -D -m 755 $(@D)/traceroute6 $(TARGET_DIR)/bin/traceroute6
>> endef
>>
>> +define IPUTILS_PERMISSIONS
>> + /bin/ping f 4755 0 0 - - - - -
>> + /bin/traceroute6 f 4755 0 0 - - - - -
>> +endef
>> +
>> $(eval $(generic-package))
>
> That's a bug. Could you submit a proper patch that fixes this ?
>
Attached one below, done against current master (84e835e)
I hope that's the way you want it.
> Thanks!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux and Kernel engineering
> http://free-electrons.com
--
Regards
Einar J?n
+31 610 957234
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-iputils-add-suid-permissions.patch
Type: application/octet-stream
Size: 782 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20180112/cf76ecf5/attachment.obj>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] Iputils not setting suid root?
2018-01-12 10:54 ` Einar Jón
@ 2018-01-12 10:57 ` Thomas Petazzoni
2018-01-12 11:47 ` Einar Jón
0 siblings, 1 reply; 5+ messages in thread
From: Thomas Petazzoni @ 2018-01-12 10:57 UTC (permalink / raw)
To: buildroot
Hello,
On Fri, 12 Jan 2018 11:54:40 +0100, Einar J?n wrote:
> > That's a bug. Could you submit a proper patch that fixes this ?
> >
>
> Attached one below, done against current master (84e835e)
> I hope that's the way you want it.
It is almost good :)
Things to adjust:
- We need your Signed-off-by at the end of the commit log.
- Please send the patch inline, using "git send-email". This makes
review easier, and allows our patchwork tracking tool
(http://patchwork.ozlabs.org/project/buildroot/list/) to properly
record the patch.
- You could slightly tweak the commit log, with something like: "The
ping and traceroute6 programs need to be SUID-root to work
correctly."
Could you fix those minor details and send an updated version?
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] Iputils not setting suid root?
2018-01-12 10:57 ` Thomas Petazzoni
@ 2018-01-12 11:47 ` Einar Jón
0 siblings, 0 replies; 5+ messages in thread
From: Einar Jón @ 2018-01-12 11:47 UTC (permalink / raw)
To: buildroot
OK.
I installed git-email, and followed
https://buildroot.org/downloads/manual/manual.html#submitting-patches
but my workplace blocks emails that are not sent via Outlook, and my work email
is not on the buldroot mailing list, so I don't think could get it through.
Sending an update with the cc-s suggested.
--
Regards
Einar J?n
On 12 January 2018 at 11:57, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Fri, 12 Jan 2018 11:54:40 +0100, Einar J?n wrote:
>
>> > That's a bug. Could you submit a proper patch that fixes this ?
>> >
>>
>> Attached one below, done against current master (84e835e)
>> I hope that's the way you want it.
>
> It is almost good :)
>
> Things to adjust:
>
> - We need your Signed-off-by at the end of the commit log.
>
> - Please send the patch inline, using "git send-email". This makes
> review easier, and allows our patchwork tracking tool
> (http://patchwork.ozlabs.org/project/buildroot/list/) to properly
> record the patch.
>
> - You could slightly tweak the commit log, with something like: "The
> ping and traceroute6 programs need to be SUID-root to work
> correctly."
>
> Could you fix those minor details and send an updated version?
>
> Thanks!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux and Kernel engineering
> http://free-electrons.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-iputils-fix-ping-and-traceroute6-executable-permissi.patch
Type: application/octet-stream
Size: 1064 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20180112/3734b674/attachment.obj>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-01-12 11:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-12 9:29 [Buildroot] Iputils not setting suid root? Einar Jón
2018-01-12 9:50 ` Thomas Petazzoni
2018-01-12 10:54 ` Einar Jón
2018-01-12 10:57 ` Thomas Petazzoni
2018-01-12 11:47 ` Einar Jón
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox