Re: Who changes /bin/ping on my system ?

[Brian <ad44@cityscape.co.uk>]

On Wed 05 Mar 2014 at 09:29:18 +1100, Scott Ferguson wrote:

> > On 04/03/14 19:16, Tim Ruehsen wrote:
> >> Setting up iputils-ping (3:20121221-5) ...
> >> Setcap worked! *Ping(6) is not suid!*
> 
> The above line, emphasis mine, is what prompted second thoughts.
> Perhaps one of the changes between the version you are running and mine
> is that ping is no longer meant to run suid?

In unstable iputils-ping recommends libcap2-bin, which has setcap. From
the postinst:

  # If we have setcap is installed, try setting cap_net_raw+ep,
  # which allows us to install our binaries without the setuid
  # bit.

Also:

  root@desktop:~# apt-get  install iputils-ping --no-install-recommends
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  Recommended packages:
    libcap2-bin
  The following NEW packages will be installed:
    iputils-ping
  0 upgraded, 1 newly installed, 0 to remove and 170 not upgraded.
  Need to get 0 B/54.2 kB of archives.
  After this operation, 112 kB of additional disk space will be used.
  Selecting previously unselected package iputils-ping.
  (Reading database ... 45120 files and directories currently installed.)
  Preparing to unpack .../iputils-ping_3%3a20121221-5_i386.deb ...
  Unpacking iputils-ping (3:20121221-5) ...
  Processing triggers for man-db (2.6.5-3) ...
  Setting up iputils-ping (3:20121221-5) ...
  Setcap is not installed, falling back to setuid