On Thu, 25 Feb 1999, Glynn Clements wrote:
> Kameswara Rao M. wrote:
>
> > When a user on my machine runs ping it says ping must run as root.
> > What can be the problem. Guess these programs r called setuid programs.
>
> Ping must be made setuid root in order for normal users to use it. You
> can do this with
> chown root.root `type -path ping`
> chmod u+s `type -path ping`
...
> In general, you should only make
> a program setuid if its documentation says that this is safe. Ping
> programs are generally designed to be safe when setuid.
A further note:
Ping opens a raw socket that can send any type of packet.
To do this requires root privileges.
Some OSes (not Linux) allow a regular user to attach a debugger to a program
that once was set-UID-root, but has returned to user privileges. Doing so
permits that raw socket to be used for Evil Purposes (tm).
To tie this into something I've recently been working on -- Wake-On-LAN.
WOL has a unique requirement: the Magic Packet used to wake up a machine has
to use the Ethernet station address of the target machine, but that machine
is powered off and thus won't respond to ARP packets. So I use a raw socket
to send the full packet to be transmitted, including the destination station
address.
Donald Becker [EMAIL PROTECTED]
USRA-CESDIS, Center of Excellence in Space Data and Information Sciences.
Code 930.5, Goddard Space Flight Center, Greenbelt, MD. 20771
301-286-0882 http://cesdis.gsfc.nasa.gov/people/becker/whoiam.html
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
