Hi, I was reading thr. /. commentary on the latest linux kernel bug, got drifted into file system capabilities. and got this, (from http://lwn.net/Articles/313838/) [root@presario shridhar]# ls -la /bin/ping -rwsr-xr-x 1 root root 33360 2008-10-04 17:48 /bin/ping [root@presario shridhar]# chmod u-s /bin/ping [root@presario shridhar]# setcap cap_net_raw=ep /bin/ping [root@presario shridhar]# ls -al /bin/ping -rwxr-xr-x 1 root root 33360 2008-10-04 17:48 /bin/ping [root@presario shridhar]# exit shridhar@presario ~$ ping 192.168.1.5 PING 192.168.1.5 (192.168.1.5) 56(84) bytes of data. 64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=0.219 ms 64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=0.354 ms ^C --- 192.168.1.5 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.219/0.286/0.354/0.069 ms so can this be done by default? thus reducing setuid usage? it should improve security right? -- Shridhar
