On 05/03/14 22:23, Brian wrote: > On Wed 05 Mar 2014 at 10:37:44 +1100, Scott Ferguson wrote: > >> There still remains the problem of why does it stop working. Bugreport? > > If the OP had an explanation for his /bin/ping in reality being > /bin/ping6 it might lead to a reason for his /bin/ping(6) losing its > capabilities. We then might not have to think in terms of a bug.
Agreed. > > For example: > > root@testing-jan20:~# getcap /bin/ping > /bin/ping = cap_net_raw+ep > > root@testing-jan20:~# cp /bin/ping /bin/myping Copying will remove the capabilities. 3rd sentence, first block of code in http://blog.fpmurphy.com/2009/05/linux-security-capabilities.html (good article, referenced in my earlier post) > > root@testing-jan20:~# getcap /bin/myping > root@testing-jan20:~# > > brian@testing-jan20:~$ ping -c5 www.debian.org > PING www.debian.org (5.153.231.4) 56(84) bytes of data. > 64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=1 ttl=55 time=44.4 > ms > 64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=2 ttl=55 time=43.8 > ms > 64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=3 ttl=55 time=43.9 > ms > 64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=4 ttl=55 time=44.2 > ms > 64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=5 ttl=55 time=44.0 > ms > > --- www.debian.org ping statistics --- > 5 packets transmitted, 5 received, 0% packet loss, time 4005ms > rtt min/avg/max/mdev = 43.885/44.125/44.458/0.307 ms > > brian@testing-jan20:~$ myping -c5 www.debian.org > ping: icmp open socket: Operation not permitted > > Capabilities are preserved using mv. > > Interesting. Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53170d5d.2070...@gmail.com
