On Tue, 2016-06-07 at 14:56 -0800, Britton Kerin wrote: > On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila <email@example.com> wrote: > > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote: > > > On my old debian system I could ping as a normal user. The ping > > > binary had the suid bit set. Now I get: > > > > > > $ ping www.google.com > > > ping: icmp open socket: Operation not permitted > > > 2 $ > > > > > > presumably because the bit isn't set. > > > > > > What's the right fix? I could setuid it but then if I understand > > > correctly it might get changed back by an upgrade. Does it use > > > capabilites or something? > > > > Yes, it uses capabilities. The simple fix is to do this: > > > > dpkg-reconfigure iputils-ping > > Well, that works, thanks. But I really don't get the overall behavior. > It says this: > > root@debian:/home/bkerin# dpkg-reconfigure iputils-ping > Setcap worked! Ping(6) is not suid! > root@debian:/home/bkerin# > > And then ping works for non-root users. > > How, just by executing dpkg-reconfigure, did I tell it this is what > I wanted? If that's the default, why wasn't it that way to begin with? It probably was, but see bug #770492. > More generally, is it somehow possible to still run debian without > capabilities? [...] Capabilities are a non-optional feature of Linux. There are Debian ports to other kernels where this may not be the case. Ben. -- Ben Hutchings Any smoothly functioning technology is indistinguishable from a rigged demo.
Description: This is a digitally signed message part