On all my Raspi 2's, I can open a terminal window and ping either an IP address or a domain name.
I have to be in root to do so on the Raspi 3. What gives?
Ping needs to inject "low level" packets into the network. As that is a rather "unusual" operation it does not make sense to build a kernel-interface specifically for that. There is just a PROGRAM specifically for that. This program is called "ping".
So, the ping program needs to ask the running Linux system: "hey, I built this odd network packet, could you inject it into the network for me without any security or sanity checks?" This requires elevated (root) privileges. But ordinary users have a valid requirement for running "ping", so there is a solution for this: the ping program was made "setuid-root". The ping program, and that program alone, gets, while it is running, the privileges of the root user, allowing it to do the packet injection it needs to do. The trade-off is that the ping program needs to be written securely.
So where a normal program, say "nano", could get away with crashing if instead of "nano /etc/bash.bashrc" you enter "nano /etc/<.....kilobytes or megabytes of string data ....>", a setuid program like ping will have to check its arguments very carefully, because a "crash" usually means that a carefully crafted humongous string will put the whole program under control of the user. This could then allow a hacker to read other people's files etc.
Anyway, that's what is going on. The solution: Make the ping executable setuid-root:
sudo chmod 4755 /bin/ping
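
A check to run before changing the mode, added here as an example and not part of the original reply: it reports whether an executable such as /bin/ping has the setuid bit, is owned by root, and is writable by group or others. The function name priv_source and its output labels are made up for this example, and the getcap branch goes beyond the thread to cover systems that give ping the cap_net_raw file capability instead of setuid.

```shell
#!/bin/sh
# Added example (not from the thread): report how an executable such as
# /bin/ping would obtain the privilege it needs to open a raw socket.
# priv_source and its output labels are hypothetical names.

priv_source() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }

    # Numeric listing: field 1 is the mode string, field 3 the owner uid.
    listing=$(ls -ldn -- "$f")
    mode=$(echo "$listing" | awk '{print $1}')
    owner=$(echo "$listing" | awk '{print $3}')

    if [ -u "$f" ]; then                      # setuid bit is set
        if [ "$owner" != 0 ]; then
            echo setuid-other                 # runs as its owner, not as root
            return 0
        fi
        case $mode in
            # Character 6 is group write, character 9 is other write.
            ?????w*|????????w*) echo setuid-root-writable ;;
            *)                  echo setuid-root ;;          # e.g. mode 4755
        esac
        return 0
    fi

    # Beyond the thread: some systems grant ping a file capability instead.
    if command -v getcap >/dev/null 2>&1 &&
       getcap "$f" 2>/dev/null | grep -q cap_net_raw; then
        echo file-capability
        return 0
    fi

    echo unprivileged                         # only root can open the raw socket
}

# Default target is the path used in the chmod command above.
priv_source "${1:-/bin/ping}" || true
```

Only "setuid-root" corresponds to the 4755 mode from the reply; "setuid-root-writable" means anyone who can write the file can replace code that runs as root.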