On Wednesday 02 January 2008 06:07:47 Marius Gedminas wrote:
> On Tue, Jan 01, 2008 at 11:42:01PM -0800, James Sparenberg wrote:
> > Hendrik,
> >
> > Actually ping requires root on all systems. Since in order to
> > do icmp you need to put the nic into a different mode than it
> > runs in normally. The way it is normally done on every other
> > linux distro is to do (as root)
> >
> > chmod u+s /usr/bin/ping (or /bin/ping on busybox enabled
> > systems)
> >
> > This will, yes, set ping as setuid root. If you look at any
> > other Linux you see that they all run ping setuid root.
>
> If you do that with /bin/ping on busybox-enabled systems, it will
> set *all* busybox utils (including /bin/sh) setuid root.
>
> Gun. Foot. Safety off.
>
> Good luck,
> Marius Gedminas

Marius,

Yes it would seem so, and I expected it to happen, but if you do

chmod u+s /bin/ping

... a normal user can run ping. But then if you turn around and do (after the chmod)

cat /etc/sudoers

As an unprivileged user ... it will give you a permission denied. (normal reaction)

Then I walk over to my debian system and run

chmod u+s /bin/cat

Now on my debian system cat allows me to

cat /etc/sudoers

Normally an unprivileged user cannot cat /etc/sudoers. Running through the entire list of apps in /bin linked to busybox shows the same result. Only ping is setuid root. Conversely if I do

chmod u-s /bin/ping (removing setuid)
chmod u+s /bin/cat (setting setuid)

cat can cat /etc/sudoers and a normal user cannot ping.

James
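
The file-mode side of the exchange above, as an added example that is not part of the original thread: `chmod u+s` on a symlink changes the mode of the link's target, so every name pointing at the same binary reports the setuid bit. The function names, the temporary directory and the stand-in `busybox` and `ls` files are constructed for illustration; the check looks at file mode only, not at what a binary does with the privilege at run time.

```shell
#!/bin/sh
# List every name in a directory that resolves to a setuid file.
# [ -u ] follows symlinks, so a link to a setuid binary is reported too.
suid_aliases() {
    dir=$1
    for f in "$dir"/*; do
        [ -u "$f" ] || continue
        if [ -L "$f" ]; then
            printf '%s -> %s\n' "${f##*/}" "$(readlink "$f")"
        else
            printf '%s\n' "${f##*/}"
        fi
    done
}

# Constructed layout: one stand-in multi-call file, three applet symlinks,
# and one unrelated standalone file (ls) for contrast.
demo_busybox_layout() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/busybox"
    printf '#!/bin/sh\n' > "$d/ls"
    chmod 755 "$d/busybox" "$d/ls"
    for applet in cat ping sh; do
        ln -s busybox "$d/$applet"
    done

    # The command from the thread, applied to the ping symlink only.
    # chmod follows the link, so the bit lands on the shared target.
    chmod u+s "$d/ping"

    suid_aliases "$d"
    rm -rf "$d"
}

demo_busybox_layout
```

Run `suid_aliases /bin` on a real system to see which applet names share a setuid target.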