Upgrade ping to latest version that doesn't require SUID or NET_RAW capability
Bug #1588917 reported by Ricardo
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
iputils (Ubuntu) | Triaged | Wishlist | Unassigned | | |
Bug Description
The latest version of iputils has the option of using SOCK_DGRAM packets instead of SOCK_RAW, provided that the net.ipv4.
Also, the ubuntu-minimal packages should not include this package as a hard dependency in case I want to uninstall iputils-ping to substitute it for another package like oping which just works if I turn off the setuid bit.
This would help a lot with secure Linux containers with no NET_RAW capabilities.
description: | updated |
Changed in iputils (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
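A quick way to see which of the two socket types from the bug description a process may open in a given container is sketched below. This is an added example, not code from the report or from iputils; the function names, the loopback target and the result labels are assumptions made for illustration.

```python
import socket
import struct

def try_socket(sock_type):
    """Return 0 if an IPv4 ICMP socket of this type opens, else the errno."""
    try:
        socket.socket(socket.AF_INET, sock_type, socket.IPPROTO_ICMP).close()
        return 0
    except OSError as exc:
        return exc.errno

def classify(dgram_errno, raw_errno):
    """Map the two probe results to what a ping binary would need here."""
    if dgram_errno == 0:
        return "dgram-ok"   # no SUID bit and no NET_RAW needed
    if raw_errno == 0:
        return "raw-only"   # works only because this process is privileged
    return "blocked"        # neither socket type is available

def icmp_checksum(data):
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_over_dgram(host="127.0.0.1", timeout=1.0):
    """Send one echo request over SOCK_DGRAM; True if an echo reply arrives."""
    payload = b"constructed-probe"
    header = struct.pack("!BBHHH", 8, 0, 0, 0, 1)   # type 8 = echo request
    csum = icmp_checksum(header + payload)
    packet = struct.pack("!BBHHH", 8, 0, csum, 0, 1) + payload
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
                           socket.IPPROTO_ICMP) as s:
            s.settimeout(timeout)
            s.sendto(packet, (host, 0))   # port is ignored for ICMP
            reply = s.recv(1024)          # starts at the ICMP header
            return len(reply) >= 1 and reply[0] == 0   # type 0 = echo reply
    except OSError:                       # includes timeouts and EACCES
        return False

def probe():
    """Classify the current process, e.g. inside a container without NET_RAW."""
    return classify(try_socket(socket.SOCK_DGRAM), try_socket(socket.SOCK_RAW))

if __name__ == "__main__":
    print("mode:", probe(), "| loopback echo over SOCK_DGRAM:", echo_over_dgram())
```

A result of "blocked" inside a container means a ping binary there cannot work without either the SUID bit, the NET_RAW capability, or the kernel setting the description refers to.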
I believe that section of the kernel code has had three user->ring0 vulnerabilities so far. It might be worth waiting a bit longer before enabling its use by default.
Thanks