Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] Weird problem with ping
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
kajzer
Guru
Guru


Joined: 27 Nov 2014
Posts: 365

PostPosted: Sat Feb 09, 2019 8:40 pm    Post subject: [Solved] Weird problem with ping Reply with quote

Never had this before, I have no idea where the problem is.

Ping as a user gives this :
Code:
$ ping www.google.com                                                                                                                                                                                                       
ping: socket: Address family not supported by protocol


while as root it works
Code:
# ping www.google.com                                                                                                                                                                                                 
PING www.google.com (172.217.17.164) 56(84) bytes of data.
64 bytes from sof02s21-in-f164.1e100.net (172.217.17.164): icmp_seq=1 ttl=56 time=19.4 ms
...


What could be causing this ?


Last edited by kajzer on Sat Feb 09, 2019 10:02 pm; edited 1 time in total
Back to top
View user's profile Send private message
mike155
l33t
l33t


Joined: 17 Sep 2010
Posts: 989
Location: Frankfurt, Germany

PostPosted: Sat Feb 09, 2019 9:07 pm    Post subject: Reply with quote

Quote:
What could be causing this ?

Wrong mode bits of /bin/ping, especially a missing 'S_ISUID' bit.

The output of 'ls -la /bin/ping' should be:
Code:
-rws--x--x 1 root root 56704 Jan  2 00:38 /bin/ping
Back to top
View user's profile Send private message
kajzer
Guru
Guru


Joined: 27 Nov 2014
Posts: 365

PostPosted: Sat Feb 09, 2019 9:12 pm    Post subject: Reply with quote

mike155 wrote:
Quote:
What could be causing this ?

Wrong mode bits of /bin/ping, especially a missing 'S_ISUID' bit.

The output of 'ls -la /bin/ping' should be:
Code:
-rws--x--x 1 root root 56704 Jan  2 00:38 /bin/ping


Right, but how that happened ?
I even re-emerged iputils.
Back to top
View user's profile Send private message
mike155
l33t
l33t


Joined: 17 Sep 2010
Posts: 989
Location: Frankfurt, Germany

PostPosted: Sat Feb 09, 2019 9:17 pm    Post subject: Reply with quote

Maybe a nosuid flag in the mount options of a filesystem?

Or FEATURES="suidctl" in /etc/portage/make.conf?
Back to top
View user's profile Send private message
kajzer
Guru
Guru


Joined: 27 Nov 2014
Posts: 365

PostPosted: Sat Feb 09, 2019 9:32 pm    Post subject: Reply with quote

No, I did try to use Non Root Xorg, but that failed, all I did was -suid in xorg-server but I reverted that back to suid.
But I forgot about that before I posted this, it's probably related, can't think of anything else.
I solved ping permissions but wonder what else is there...
Back to top
View user's profile Send private message
mike155
l33t
l33t


Joined: 17 Sep 2010
Posts: 989
Location: Frankfurt, Germany

PostPosted: Sat Feb 09, 2019 9:42 pm    Post subject: Reply with quote

It's strange that 'emerge iputils' didn't fix the 's' mode bit for you.

On my machine, 'emerge iputils' fixes wrong mode bits:
Code:
# chmod oug-s /bin/ping                                # remove s mode bit

# ls -la /bin/ping
-rwx--x--x 1 root root 60896 Feb  9 22:35 /bin/ping    # s bit is missing

# emerge iputils
<some output>

# ls -la /bin/ping
-rws--x--x 1 root root 60896 Feb  9 22:37 /bin/ping    # s bit was fixed
Back to top
View user's profile Send private message
kajzer
Guru
Guru


Joined: 27 Nov 2014
Posts: 365

PostPosted: Sat Feb 09, 2019 10:00 pm    Post subject: Reply with quote

It was one step from Non Root Xorg Wiki :
Code:
Create udev rule to change /dev/input group on boot:
SUBSYSTEM=="input", ACTION=="add", GROUP="input"

/etc/init.d/udev reload


Once I reverted that all is good, 'emerge iputils' now sets it as it should.

Thanks mike155! :D
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5589

PostPosted: Sun Feb 10, 2019 2:52 am    Post subject: Reply with quote

mike155 wrote:
Quote:
What could be causing this ?

Wrong mode bits of /bin/ping, especially a missing 'S_ISUID' bit.

The output of 'ls -la /bin/ping' should be:
Code:
-rws--x--x 1 root root 56704 Jan  2 00:38 /bin/ping

The output of 'ls -la /bin/ping' should really be:
Code:
-rwx--x--x 1 root root 55992 Jul 21  2018 /bin/ping

And the output of 'getcap /bin/ping' should be:
Code:
/bin/ping = cap_net_raw+ep

Don't needlessly give things suid root perms. USE=filecaps is on by default for a reason.
Back to top
View user's profile Send private message
mike155
l33t
l33t


Joined: 17 Sep 2010
Posts: 989
Location: Frankfurt, Germany

PostPosted: Mon Feb 11, 2019 10:45 am    Post subject: Reply with quote

Ant P: you're right! Thanks for pointing that out! I should have considered that many (most?) Gentoo systems use capabilities and extended attributes. On those machines, setting the S_ISUID mode bit is wrong.

Note: I don't use capabilities or extended attributes. Consequently, setting the S_ISUID mode bit for /bin/ping is the right thing to do on my machines.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum