Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fails when run as suid root #34

Open
tfheen opened this issue Mar 16, 2018 · 3 comments · May be fixed by #35
Open

fails when run as suid root #34

tfheen opened this issue Mar 16, 2018 · 3 comments · May be fixed by #35

Comments

@tfheen
Copy link

tfheen commented Mar 16, 2018

This is a variant over https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864184.

In Debian, oping is installed suid root. In older versions, in liboping.c, doing ping_host_add would also grab a raw socket. In the current version, that is only added when ping_send is called, which is after when oping and noping have dropped their privileges, leading to ping_send failed: Operation not permitted errors.

I'm happy to provide a patch if that's useful, but as there are a few ways of solving this, some guidance would be useful. (Just creating the socket in the add_host function is probably the easiest, from a quick glance.)
@barak
Copy link

barak commented Mar 18, 2018

(Debian maintainer here.) Thanks, a patch would be very welcome!

tfheen added a commit to tfheen/liboping that referenced this issue Mar 20, 2018
@tfheen
Open raw sockets when adding hosts, not when doing the pinging
a88c51f 
This allows this to run as non-root again, without this, oping will
have dropped privileges before trying to ping, which then fails to
open the necessary raw sockets.

Fixes: octo#34
@tfheen tfheen linked a pull request Mar 20, 2018 that will close this issue
Open
@tfheen
Copy link
Author

tfheen commented Mar 20, 2018

@barak, see #35 for a patch. Works for me in my super-light testing.

@barak
Copy link

barak commented Mar 21, 2018

dput

bob-beck pushed a commit to openbsd/ports that referenced this issue Apr 28, 2018
@landryb
Update to libopint 1.10.
537f02e 
Backport a fix for octo/liboping#34

ok danj@
Oliviers-OSS pushed a commit to Oliviers-OSS/liboping that referenced this issue Mar 3, 2019
Open raw sockets when adding hosts, not when doing the pinging
ef72742 
This allows this to run as non-root again, without this, oping will
have dropped privileges before trying to ping, which then fails to
open the necessary raw sockets.

Fixes: octo#34

Patch from tfheen@a88c51f?diff=split
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Open raw sockets when adding hosts, not when doing the pinging tfheen/liboping
2 participants
@barak @tfheen