insufficient privileges for ping
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
iputils (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Package Version: iputils-ping 3:20211215-1
Expect to happen: Use the full functionality of ping as an unprivileged user.
What happened instead: In most cases, ping works fine. However, when using the ‘-m’ option to mark outgoing packets, it fails due to lack of privileges.
ping -m 11 www.ubuntu.com
ping: WARNING: failed to set mark: 11: Operation not permitted
PING www.ubuntu.com (185.125.190.21) 56(84) bytes of data.
ping: WARNING: failed to set mark: 11: Operation not permitted
64 bytes from website-
64 bytes from website-
64 bytes from website-
Problems: ping command is configured with cap_net_raw, but in order to tag the outgoing packets, cap_net_admin is needed as well. After we switch to root and assign these two capabilities(
getcap `which ping`
/usr/bin/ping cap_net_raw=ep
sudo setcap cap_net_
ping -m 11 www.ubuntu.com
PING www.ubuntu.com (185.125.190.20) 56(84) bytes of data.
64 bytes from website-
64 bytes from website-
64 bytes from website-
64 bytes from website-
Since the ping command chooses to use capabilities instead of superuser privileges (which is conducive to least privilege), it should be given enough capabilities to do the whole thing.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: iputils-ping 3:20211215-1
ProcVersionSign
Uname: Linux 6.2.0-39-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Wed Dec 27 16:24:56 2023
InstallationDate: Installed on 2023-12-26 (0 days ago)
InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230807.2)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: iputils
UpgradeStatus: No upgrade log present (probably fresh install)