Your message dated Fri, 26 Feb 2016 07:38:13 -0800
with message-id <[email protected]>
and subject line 
has caused the Debian Bug report #778500,
regarding iputils-ping: reconfiguring with setcap leaves the binary suid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
778500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778500
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iputils-ping
Version: 3:20121221-5
Tags: patch

I have installed iputils-ping without having setcap, so the /bin/ping*
binaries were suid root

thanks to the warning message, I have installed libcap2-bin and then ran
dpkg-reconfigure on iputils-ping, but even if the setcap was done
correctly, the binaries remain setuid

I have to remove and then reinstall iputils-ping to have /bin/ping*
nosuid and with capabilities

the attached patch should be sufficient for ping, but also the arping,
clockdiff and tracepath postinst files should be modified accordingly

ciao
--- iputils-ping.postinst	2014-02-01 22:16:48.000000000 +0100
+++ iputils-ping.postinst.nosuid	2015-02-15 23:10:10.459548411 +0100
@@ -8,6 +8,7 @@
     # bit.
     if command -v setcap > /dev/null; then
         if setcap cap_net_raw+ep /bin/ping cap_net_raw+ep /bin/ping6; then
+            chmod u-s /bin/ping /bin/ping6
             echo "Setcap worked! Ping(6) is not suid!"
         else
             echo "Setcap failed on /bin/ping, falling back to setuid" >&2
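Review bot: The added `chmod u-s /bin/ping /bin/ping6` is not checked, but the next line prints "Setcap worked! Ping(6) is not suid!" whatever its result. If the chmod fails, the binaries keep both the setuid bit and cap_net_raw while the message says otherwise. Make the echo depend on the chmod, for example `chmod u-s /bin/ping /bin/ping6 && echo "Setcap worked! Ping(6) is not suid!"`, and print a warning to stderr in the failure case as the else branch already does for setcap. A one-line comment above the chmod saying it clears a setuid bit left by an earlier run without setcap would document why it is needed.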

--- End Message ---
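The state the report describes, a binary that has file capabilities but still carries the setuid bit, can be checked for directly. The script below is an added example, not part of the bug report or the iputils packaging; the function names are illustrative and it assumes `getcap` from libcap2-bin is installed.

```shell
#!/bin/sh
# Added example: classify binaries by setuid bit and file capabilities.
# Usage: sh audit.sh /bin/ping /bin/ping6
# Exit status is 1 if any file has BOTH the setuid bit and capabilities.

# has_setuid FILE: true if FILE is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# classify FILE: prints one of "suid+caps", "suid", "caps", "none".
# getcap prints nothing for a file without capabilities, so any output
# is treated as "capabilities present" (its exact format varies by version).
classify() {
    f=$1
    caps=$(getcap "$f" 2>/dev/null) || caps=""
    if has_setuid "$f"; then
        if [ -n "$caps" ]; then echo "suid+caps"; else echo "suid"; fi
    elif [ -n "$caps" ]; then
        echo "caps"
    else
        echo "none"
    fi
}

# audit FILE...: prints "<state><TAB><file>" for each existing file and
# returns 1 if any file is in the redundant "suid+caps" state.
audit() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        state=$(classify "$f")
        printf '%s\t%s\n' "$state" "$f"
        if [ "$state" = "suid+caps" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

A file reported as `suid+caps` still runs with full root privileges, so the capability setting gives no reduction in privilege until the setuid bit is cleared.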
--- Begin Message ---
This was fixed with the recent 20150815-1 upload.

--- End Message ---
