On 05/03/14 22:23, Brian wrote:
> On Wed 05 Mar 2014 at 10:37:44 +1100, Scott Ferguson wrote:
> 
>> There still remains the problem of why does it stop working. Bugreport?
> 
> If the OP had an explanation for his /bin/ping in reality being
> /bin/ping6 it might lead to a reason for his /bin/ping(6) losing its
> capabilities. We then might not have to think in terms of a bug.

Agreed.

> 
> For example:
> 
>   root@testing-jan20:~# getcap /bin/ping
>   /bin/ping = cap_net_raw+ep
> 
>   root@testing-jan20:~# cp /bin/ping /bin/myping

Copying will remove the capabilities.
3rd sentence, first block of code in
http://blog.fpmurphy.com/2009/05/linux-security-capabilities.html  (good
article, referenced in my earlier post)

> 
>   root@testing-jan20:~# getcap /bin/myping
>   root@testing-jan20:~#
> 
>   brian@testing-jan20:~$ ping -c5 www.debian.org
>   PING www.debian.org (5.153.231.4) 56(84) bytes of data.
>   64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=1 ttl=55 time=44.4 
> ms
>   64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=2 ttl=55 time=43.8 
> ms
>   64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=3 ttl=55 time=43.9 
> ms
>   64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=4 ttl=55 time=44.2 
> ms
>   64 bytes from senfter.debian.org (5.153.231.4): icmp_seq=5 ttl=55 time=44.0 
> ms
> 
>   --- www.debian.org ping statistics ---
>   5 packets transmitted, 5 received, 0% packet loss, time 4005ms
>   rtt min/avg/max/mdev = 43.885/44.125/44.458/0.307 ms
> 
>   brian@testing-jan20:~$ myping -c5 www.debian.org
>   ping: icmp open socket: Operation not permitted
> 
> Capabilities are preserved using mv.
> 
> 
Interesting.

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53170d5d.2070...@gmail.com

Reply via email to