From: Peter Müller <peter.mueller@ipfire.org>
Date: Mon, 17 May 2021 19:01:54 +0000 (+0200)
Subject: /usr/bin/ping does not need a SUID bit if appropriate capabilities are set
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e4c3bcc7eed6e25feec39e94f96b83f61b2834ae;p=people%2Fstevee%2Fipfire-2.x.git

/usr/bin/ping does not need a SUID bit if appropriate capabilities are set

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/lfs/iputils b/lfs/iputils
index b1e2e22162..ae692df7ad 100644
--- a/lfs/iputils
+++ b/lfs/iputils
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && make ping tracepath
-	cd $(DIR_APP) && install -m 4755 ping /usr/bin
+	cd $(DIR_APP) && install -m 0755 ping /usr/bin
 	cd $(DIR_APP) && install -m 0755 tracepath /usr/bin
 
+	# Allow execution of /usr/bin/ping by other users than "root"
+	setcap cap_net_raw+ep /usr/bin/ping
+
 	# Some scripts expect ping in /bin/ping.
 	ln -svf ../usr/bin/ping /bin/ping