
[SOLVED] Who changes /bin/ping on my system ?



I just found this:

https://lists.debian.org/debian-qa-packages/2014/02/msg00132.html

So I mark this issue as solved (I leave a copy of my initial mail down below 
for reference).

Thanks again for all your help !

Tim

On Tuesday 04 March 2014 09:16:15 Tim Ruehsen wrote:
> Hi,
> 
> every now and then ping loses its capabilities to be executed by a normal
> user. Like here:
> $ ping example.com
> ping: icmp open socket: Operation not permitted
> 
> I didn't care so far and just reinstalled iputils-ping and everything worked
> again. I did this three or four times since ~ November 2013.
> 
> Today I had the problem again and took time to look at it a bit closer.
> Right before, I made an apt-get update / apt-get dist-upgrade (but
> iputils-ping wasn't included here).
> 
> # ls -la /bin/ping
> -rwxr-xr-x 1 root root 46672 01-02-14 22:18:43 /bin/ping
> 
> Now I reinstalled iputils-ping:
> # apt-get --reinstall install iputils-ping
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not
> upgraded. Need to get 0 B/56.3 kB of archives.
> After this operation, 0 B of additional disk space will be used.
> (Reading database ... 443041 files and directories currently installed.)
> Preparing to unpack .../iputils-ping_3%3a20121221-5_amd64.deb ...
> Unpacking iputils-ping (3:20121221-5) over (3:20121221-5) ...
> Processing triggers for man-db (2.6.6-1) ...
> Setting up iputils-ping (3:20121221-5) ...
> Setcap worked! Ping(6) is not suid!
> 
> # ls -la /bin/ping
> -rwxr-xr-x 1 root root 44080 01-02-14 22:18:43 /bin/ping
> 
> For me it looks like ping utility is changed from time to time without
> setting the correct pcaps (rootkit bug ?).
> 
> Does anybody know who or what changes my ping utility ? Is this a known bug
> (I couldn't find anything) ?
> Is there a good rootkit / malware scanner (I am already using chkrootkit
> with no success) ?
> 
> My system is a Debian Sid / unstable
> 
> Thanks for any help or suggestions.
> 
>       Tim
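
Added example, not part of the original mail: the `icmp open socket: Operation not permitted` error on a `-rwxr-xr-x` binary is consistent with a ping that has neither the setuid bit nor a `cap_net_raw` file capability. The script below reports which of the two a binary has and compares its content with the hash dpkg recorded; the function names and the `--check` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: report how a binary obtains raw-socket privilege and whether
# its content still matches what dpkg recorded at install time.

# classify_priv MODE GETCAP_OUTPUT
#   MODE is the octal mode from `stat -c %a`, GETCAP_OUTPUT is whatever
#   `getcap FILE` printed (may be empty). Prints cap_net_raw, setuid or none.
classify_priv() {
    case "$2" in
        *cap_net_raw*) echo cap_net_raw; return 0 ;;
    esac
    case "$1" in
        [4567]???) echo setuid ;;   # leading digit carries the setuid bit
        *)         echo none ;;
    esac
}

# recorded_md5 MD5SUMS_FILE REL_PATH
#   dpkg md5sums files hold "<md5>  <path without leading slash>" per line.
recorded_md5() {
    awk -v p="$2" '$2 == p { print $1 }' "$1"
}

# file_matches_package FILE MD5SUMS_FILE REL_PATH
#   Succeeds only if FILE's md5 equals the hash recorded for REL_PATH.
file_matches_package() {
    want=$(recorded_md5 "$2" "$3")
    have=$(md5sum "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Hypothetical entry point: sh check.sh --check [/bin/ping]
if [ "${1:-}" = "--check" ]; then
    f=${2:-/bin/ping}
    # Assumption: the file belongs to iputils-ping, as in the mail above.
    sums=/var/lib/dpkg/info/iputils-ping.md5sums
    echo "privilege: $(classify_priv "$(stat -c %a "$f")" "$(getcap "$f" 2>/dev/null)")"
    if file_matches_package "$f" "$sums" "${f#/}"; then
        echo "content: matches the installed package"
    else
        echo "content: differs from the installed package"
    fi
fi
```

A result of `none` together with a content mismatch means the file on disk is not the one the package unpacked; `dpkg -S /bin/ping` then shows which package or diversion claims the path.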

