From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set Date: Mon, 17 May 2021 21:01:54 +0200 Message-ID: <4924bc88-655d-2a81-96de-000a7362bece@ipfire.org> In-Reply-To: <7b61506c-84b9-f4e8-7a5f-5a8e8a39f795@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2013770548885713770==" List-Id: --===============2013770548885713770== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Cc: Michael Tremer Signed-off-by: Peter M=C3=BCller --- lfs/iputils | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lfs/iputils b/lfs/iputils index b1e2e2216..ae692df7a 100644 --- a/lfs/iputils +++ b/lfs/iputils @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2018 IPFire Team = # +# Copyright (C) 2007-2021 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make ping tracepath - cd $(DIR_APP) && install -m 4755 ping /usr/bin + cd $(DIR_APP) && install -m 0755 ping /usr/bin cd $(DIR_APP) && install -m 0755 tracepath /usr/bin =20 + # Allow execution of /usr/bin/ping by other users than "root" + setcap cap_net_raw+ep /usr/bin/ping + # Some scripts expect ping in /bin/ping. ln -svf ../usr/bin/ping /bin/ping =20 --=20 2.26.2 --===============2013770548885713770==--