From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] iputils: fix ping and traceroute6 executable permissions
Date: Sat, 13 Jan 2018 23:37:09 +0100 [thread overview]
Message-ID: <20180113223709.GJ3226@scaer> (raw)
In-Reply-To: <CANQCQpYOku9_1AZtk9Qw=j=wMw2PKb=8hS0=dCvsZfbeR29e7Q@mail.gmail.com>
Matt, Einar, All,
On 2018-01-13 15:54 -0600, Matthew Weber spake thusly:
> On Sat, Jan 13, 2018 at 2:19 PM, <tolvupostur@gmail.com> wrote:
> > From: Einar Jon Gunnarsson <tolvupostur@gmail.com>
> > The iputils executables are installed without the setuid bit set,
> > which prevents some programs from working.
> >
>
> Does your use case involve a system with non-root users?
>
> Could you describe what you mean by "some programs"?
>
> The landscape of how ping gets elevated privileges for raw socket
> access has a number of options (setuid / cap_net_raw capability / new
> socket type). The backwards compatible fix would be to use setuid
> but from a security hardening aspect, I wish we could set capabilities
> for this instead. The issue I see is the filesystem type dependency
> so we can pre-set the capabilities in xattribs. I'll have to ask
> around if setuid vs capabilities has come up before but as most
> buildroot systems run as root, I'm guessing it hasn't been a hot
> topic.
>
> Some backstory on Ubuntu's situation, I believe as of 16.04 they still
> did setuid but have selectively transitioned to not.
> https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/534341
Still the case in 17.10, and if I remove the setuid bit, it fails:
$ ping some-host
ping: socket: Operation not permitted
Regards,
Yann E. MORIN.
> > +define IPUTILS_PERMISSIONS
> > + /bin/ping f 4755 0 0 - - - - -
> > + /bin/traceroute6 f 4755 0 0 - - - - -
> > +endef
>
> The package installs other binaries when IPUTILS_INSTALL_TARGET_CMDS
> executes, did you confirm that none of the others also require it?
>
> Matt
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2018-01-13 22:37 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-13 20:19 [Buildroot] [PATCH] iputils: fix ping and traceroute6 executable permissions tolvupostur at gmail.com
2018-01-13 21:54 ` Matthew Weber
2018-01-13 22:37 ` Yann E. MORIN [this message]
2018-01-14 5:50 ` Baruch Siach
2018-01-14 10:28 ` Einar Jón
2018-01-15 9:50 ` Einar Jón
2018-01-17 22:24 ` Thomas Petazzoni
2018-01-21 20:27 ` Peter Korsgaard
2018-01-31 7:51 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180113223709.GJ3226@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox