| View previous topic :: View next topic |
| Author |
Message |
kajzer
Guru
Joined: 27 Nov 2014
Posts: 489
|
 Posted: Sat Feb 09, 2019 8:40 pm Post subject: [Solved] Weird problem with ping |
 |
|
Never had this before, I have no idea where the problem is.
Ping as a user gives this :
| Code: | $ ping www.google.com
ping: socket: Address family not supported by protocol |
while as root it works
| Code: | # ping www.google.com
PING www.google.com (172.217.17.164) 56(84) bytes of data.
64 bytes from sof02s21-in-f164.1e100.net (172.217.17.164): icmp_seq=1 ttl=56 time=19.4 ms
... |
What could be causing this ?
Last edited by kajzer on Sat Feb 09, 2019 10:02 pm; edited 1 time in total |
|
| Back to top |
|
 |
mike155
Veteran
Joined: 17 Sep 2010
Posts: 1731
Location: Frankfurt, Germany
|
| Posted: Sat Feb 09, 2019 9:07 pm Post subject: |
|
|
| Quote: | | What could be causing this ? |
Wrong mode bits of /bin/ping, especially a missing 'S_ISUID' bit.
The output of 'ls -la /bin/ping' should be:
| Code: | | -rws--x--x 1 root root 56704 Jan 2 00:38 /bin/ping |
|
|
| Back to top |
|
|
kajzer
Guru
Joined: 27 Nov 2014
Posts: 489
|
| Posted: Sat Feb 09, 2019 9:12 pm Post subject: |
|
|
| mike155 wrote: | | Quote: | | What could be causing this ? |
Wrong mode bits of /bin/ping, especially a missing 'S_ISUID' bit.
The output of 'ls -la /bin/ping' should be:
| Code: | | -rws--x--x 1 root root 56704 Jan 2 00:38 /bin/ping |
|
Right, but how that happened ?
I even re-emerged iputils. |
|
| Back to top |
|
|
mike155
Veteran
Joined: 17 Sep 2010
Posts: 1731
Location: Frankfurt, Germany
|
| Posted: Sat Feb 09, 2019 9:17 pm Post subject: |
|
|
Maybe a nosuid flag in the mount options of a filesystem?
Or FEATURES="suidctl" in /etc/portage/make.conf? |
|
| Back to top |
|
|
kajzer
Guru
Joined: 27 Nov 2014
Posts: 489
|
| Posted: Sat Feb 09, 2019 9:32 pm Post subject: |
|
|
No, I did try to use Non Root Xorg, but that failed, all I did was -suid in xorg-server but I reverted that back to suid.
But I forgot about that before I posted this, it's probably related, can't think of anything else.
I solved ping permissions but wonder what else is there... |
|
| Back to top |
|
|
mike155
Veteran
Joined: 17 Sep 2010
Posts: 1731
Location: Frankfurt, Germany
|
| Posted: Sat Feb 09, 2019 9:42 pm Post subject: |
|
|
It's strange that 'emerge iputils' didn't fix the 's' mode bit for you.
On my machine, 'emerge iputils' fixes wrong mode bits:
| Code: | # chmod oug-s /bin/ping # remove s mode bit
# ls -la /bin/ping
-rwx--x--x 1 root root 60896 Feb 9 22:35 /bin/ping # s bit is missing
# emerge iputils
<some output>
# ls -la /bin/ping
-rws--x--x 1 root root 60896 Feb 9 22:37 /bin/ping # s bit was fixed
|
|
|
| Back to top |
|
|
kajzer
Guru
Joined: 27 Nov 2014
Posts: 489
|
| Posted: Sat Feb 09, 2019 10:00 pm Post subject: |
|
|
It was one step from Non Root Xorg Wiki :
| Code: | Create udev rule to change /dev/input group on boot:
SUBSYSTEM=="input", ACTION=="add", GROUP="input"
/etc/init.d/udev reload |
Once I reverted that all is good, 'emerge iputils' now sets it as it should.
Thanks mike155!  |
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6036
|
| Posted: Sun Feb 10, 2019 2:52 am Post subject: |
|
|
| mike155 wrote: | | Quote: | | What could be causing this ? |
Wrong mode bits of /bin/ping, especially a missing 'S_ISUID' bit.
The output of 'ls -la /bin/ping' should be:
| Code: | | -rws--x--x 1 root root 56704 Jan 2 00:38 /bin/ping |
|
The output of 'ls -la /bin/ping' should really be:
| Code: | | -rwx--x--x 1 root root 55992 Jul 21 2018 /bin/ping |
And the output of 'getcap /bin/ping' should be:
| Code: | | /bin/ping = cap_net_raw+ep |
Don't needlessly give things suid root perms. USE=filecaps is on by default for a reason. |
|
| Back to top |
|
|
mike155
Veteran
Joined: 17 Sep 2010
Posts: 1731
Location: Frankfurt, Germany
|
| Posted: Mon Feb 11, 2019 10:45 am Post subject: |
|
|
Ant P: you're right! Thanks for pointing that out! I should have considered that many (most?) Gentoo systems use capabilities and extended attributes. On those machines, setting the S_ISUID mode bit is wrong.
Note: I don't use capabilities or extended attributes. Consequently, setting the S_ISUID mode bit for /bin/ping is the right thing to do on my machines. |
|
| Back to top |
|
|
|
Networking & Security
