Simon Josefsson <[email protected]> writes: > I noticed Guix installs ping and ping6 from inetutils with the setuid > bit enabled. There is new support for non-setuid usage in this release, > however I was not able to get it to work. Comparing with iputils' ping > it looks like what we have might not be sufficient, but I can't tell for > sure.
I was able to get non-root inetutils-ping to work like this: jas@latte:~/src/inetutils/ping$ sudo setcap cap_net_raw+ep ping jas@latte:~/src/inetutils/ping$ ./ping 192.168.1.2 PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0,432 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0,479 ms Would this level of support allow guix to make ping/ping6 non-setuid? Debian ships with ping/ping6 from 'iputils' which appears to be maintained. It does a lot more with libcap-capabilities than Inetutils does, I wonder if there is anything there that is useful to borrow. /Simon [1] https://github.com/iputils/iputils
signature.asc
Description: PGP signature
