5

I learned from here that there's 2 ways to control privileged activities: setuid and capability.

But when I'm playing around with ping on my machine, it seems that it can bypass these 2 mechanism.

First, confirm that on my machine /usr/bin/ping has cap_net_raw capability and it use SOCK_RAW:

$ ll /usr/bin/ping
-rwxr-xr-x 1 root root 72K Jan 31  2020 /usr/bin/ping

$ getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

$ strace -e socket ping <some-ip>
socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 5

Copying the binary will drop the capability but it still works:

$ cp /usr/bin/ping ~

$ ll ~/ping
-rwxr-xr-x 1 user user 72K Nov  4 16:54 /home/user/ping

$ getcap ~/ping
[empty result]

$ ~/ping <some-ip>
[it works]

I'm using Ubuntu 20.04 and 5.4.0-52-generic.

zingdle
  • 175
  • 1
  • 7

1 Answers1

5

On a recent Linux system, ping doesn't need any privileges for its most basic operation, which is to send ICMP echo request messages and receive responding echo reply messages.

Ubuntu 20.04 has two implementations of ping. The default one, from iputils-ping, is installed setcap CAP_NET_RAW but works for ICMP echo without privileges. The one from inetutils-ping is installed setuid root but also works for ICMP echo without privileges. Both use an ICMP socket, which is permitted without privileges:

socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) = 3

I can't reproduce the use of a netlink socket for a basic ping on either of these implementations, with or without privileges.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175