From e4c3bcc7eed6e25feec39e94f96b83f61b2834ae Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Mon, 17 May 2021 21:01:54 +0200 Subject: [PATCH] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Cc: Michael Tremer Signed-off-by: Peter Müller Signed-off-by: Michael Tremer --- lfs/iputils | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lfs/iputils b/lfs/iputils index b1e2e22162..ae692df7ad 100644 --- a/lfs/iputils +++ b/lfs/iputils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make ping tracepath - cd $(DIR_APP) && install -m 4755 ping /usr/bin + cd $(DIR_APP) && install -m 0755 ping /usr/bin cd $(DIR_APP) && install -m 0755 tracepath /usr/bin + # Allow execution of /usr/bin/ping by other users than "root" + setcap cap_net_raw+ep /usr/bin/ping + # Some scripts expect ping in /bin/ping. ln -svf ../usr/bin/ping /bin/ping -- 2.39.5