Bug#832999: "ping: icmp open socket: Operation not permitted" as non-root in Debian Live

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#832999: "ping: icmp open socket: Operation not permitted" as non-root in Debian Live

Askar Safin
Package: iputils-ping
Version: 3:20121221-5+b2
Severity: normal

I downloaded Debian Live from this link:
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.5.0-amd64-kde-desktop.iso
I booted into this KDE live system, opened Konsole terminal emulator, typed "ping debian.org" (as non-root) into it and saw:
"ping: icmp open socket: Operation not permitted".
"sudo ping debian.org" works.

user@debian:~$ ls -l /bin/ping
-rwxr-xr-x 1 root root 44104 Nov  8  2014 /bin/ping
user@debian:~$ stat /bin/ping
  File: ‘/bin/ping’
  Size: 44104           Blocks: 88         IO Block: 1024   regular file
Device: 13h/19d Inode: 509687      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-11-08 17:04:43.000000000 +0000
Modify: 2014-11-08 17:04:43.000000000 +0000
Change: 2014-11-08 17:04:43.000000000 +0000
 Birth: -

-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iputils-ping depends on:
ii  libc6                2.19-18+deb8u4
ii  libcap2              1:2.24-8
ii  libgnutls-openssl27  3.3.8-6+deb8u3

Versions of packages iputils-ping recommends:
ii  libcap2-bin  1:2.24-8

iputils-ping suggests no packages.

-- no debconf information

Reply | Threaded
Open this post in threaded view
|

Bug#832999: "ping: icmp open socket: Operation not permitted" as non-root in Debian Live

Noah Meyerhans-3
Control: reassign -1 cdimage.debian.org

On Sat, Jul 30, 2016 at 10:12:13AM +0000, Askar Safin wrote:
> I downloaded Debian Live from this link:
> http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.5.0-amd64-kde-desktop.iso
> I booted into this KDE live system, opened Konsole terminal emulator, typed "ping debian.org" (as non-root) into it and saw:
> "ping: icmp open socket: Operation not permitted".
> "sudo ping debian.org" works.

ping uses Linux capabilities(7) to work as a non-suid binary. What seems
to be happening is that the initial base installation performed by
debootstrap is done on a filesystem that supports capabilities, but then
the capabilities are lost when the files are copied to the CD image
filesystem. I'm not sure if that's because the target filesystem doesn't
support capabilities or that the process of copying fails to preserve
them.

I'm re-assigning this to the cdimage.debian.org team so they can
investigate.

noah


signature.asc (817 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#832999: "ping: icmp open socket: Operation not permitted" as non-root in Debian Live

Darshaka Pathirana-2
On Tue, 8 Nov 2016 05:55:02 -0800 Noah Meyerhans <[hidden email]> wrote:

> On Sat, Jul 30, 2016 at 10:12:13AM +0000, Askar Safin wrote:
>> I downloaded Debian Live from this link:
>> http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.5.0-amd64-kde-desktop.iso
>> I booted into this KDE live system, opened Konsole terminal
>> emulator, typed "ping debian.org" (as non-root) into it and saw:
>> "ping: icmp open socket: Operation not permitted".
>> "sudo ping debian.org" works.
>
> ping uses Linux capabilities(7) to work as a non-suid binary. What seems
> to be happening is that the initial base installation performed by
> debootstrap is done on a filesystem that supports capabilities, but then
> the capabilities are lost when the files are copied to the CD image
> filesystem. I'm not sure if that's because the target filesystem doesn't
> support capabilities or that the process of copying fails to preserve
> them.
>
> I'm re-assigning this to the cdimage.debian.org team so they can
> investigate.
Just tested ping with "debian-live-9.1.0-amd64-kde-desktop.iso" and
with "debian-live-9.1.0-amd64-cinnamon-desktop.iso". Ping performs
correctly on both systems.

@Asker: mind trying it again and close the bug it works for you? Thx.

Regards,
 - Darsha


signature.asc (836 bytes) Download Attachment