On Wed 05 Mar 2014 at 09:29:18 +1100, Scott Ferguson wrote: > > On 04/03/14 19:16, Tim Ruehsen wrote: > >> Setting up iputils-ping (3:20121221-5) ... > >> Setcap worked! *Ping(6) is not suid!* > > The above line, emphasis mine, is what prompted second thoughts. > Perhaps one of the changes between the version you are running and mine > is that ping is no longer meant to run suid?
In unstable iputils-ping recommends libcap2-bin, which has setcap. From the postinst: # If we have setcap is installed, try setting cap_net_raw+ep, # which allows us to install our binaries without the setuid # bit. Also: root@desktop:~# apt-get install iputils-ping --no-install-recommends Reading package lists... Done Building dependency tree Reading state information... Done Recommended packages: libcap2-bin The following NEW packages will be installed: iputils-ping 0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded. Need to get 0 B/54.2 kB of archives. After this operation, 112 kB of additional disk space will be used. Selecting previously unselected package iputils-ping. (Reading database ... 45120 files and directories currently installed.) Preparing to unpack .../iputils-ping_3%3a20121221-5_i386.deb ... Unpacking iputils-ping (3:20121221-5) ... Processing triggers for man-db (2.6.5-3) ... Setting up iputils-ping (3:20121221-5) ... Setcap is not installed, falling back to setuid -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140304233708.ge8...@copernicus.demon.co.uk