Why doesn't Ubuntu use capabilities on ping?

Question

After running,

$ ls -l /bin/ping
-rwsr-xr-x 1 root root 34740 Nov  5  2012 /bin/ping

I wonder, why doesn't Ubuntu use capabilities (i.e. raw sockets) rather than setuid?

¡Attention! In Ubuntu 20.04 there's no cap_net_raw capability yet but bit suid neither!!?? I don't know how ping can be run flawessly if it has rwxr-xr-x permissions and no capabiliy (getcap shows nothing). I can't understand!! — Osqui, Oct 23 '20 at 20:14
Well, I've found the answer myself. It's here: https://unix.stackexchange.com/questions/592911/how-does-ping-work-on-fedora-without-setuid-and-capabilities?rq=1 — Osqui, Oct 23 '20 at 20:22

edgy · Answer 1 · 2014-09-05T02:46:28.007

2

It is considered a bug if a package has overly permissive capabilities, so these cases should be reported. However, they might have already fixed it according to https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/534341

edited Sep 05 '14 at 02:46

answered Sep 05 '14 at 02:15

edgy

Since Ubuntu 16.04 uses setuid, how could I use the C# Ping class constructor to avoid the TypeInitializer for 'System.Net.NetworkInformaton.Ping threw an exception error? Thank you. – Frank Jul 24 '16 at 06:28
@Frank, that is best asked as another question, as it is not a clarification or comment on this answer. – vonbrand Sep 22 '21 at 22:00

1 Answers1