On Mon, Jan 02, 2023 at 10:09:44PM +0100, Marco d'Itri wrote:
> > With that in place, unprivileged users are able to execute ping for both
> > IPv4 and IPv6 targets without cap_net_raw (currently set as either a
> > file-based attribute on the ping binary or acquired via setuid). But
> > since that applies system-wide, not just to the ping binary, there may
> > be objections.
> I do not think that the submitter made clear why this would be
> preferable, so I had to research it myself. See:
>
> https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
> https://github.com/systemd/systemd/pull/13141
>
> Since this is one of the systemd sysctl defaults (of which I think that
> we should adopt more, especially the network-related ones!) I agree with
> changing this.
> I would just do it in the systemd package to allow all packages
> to benefit from it without having to care if ping is installed.
I'm entirely happy to reassign this request to systemd and have the setting applied more broadly. The question that arises then is what to do about the file-level capabilities on the ping binary. Ideally we drop them entirely (including the setuid fallback), but when?

I could leave things completely decoupled, and simply wait until systemd makes the change and then upload iputils and assume that anybody upgrading iputils is also upgrading systemd. That seems to be what Fedora did, according to the fedoraproject.org wiki cited above. Alternatives would seem to involve some level of versioned dependency, which doesn't feel right.

noah
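The thread above names three ways an unprivileged user can end up with a working ping: the ping group-range sysctl, a cap_net_raw file capability on the binary, or a setuid-root fallback. The following script is an added example for checking which of those is in effect on a given host; it is not code from the bug report, from iputils or from systemd. It assumes the sysctl is `net.ipv4.ping_group_range` exposed at `/proc/sys/net/ipv4/ping_group_range` (the kernel's own name for the knob referenced by the Fedora change), that `getcap` from libcap is available for reading file capabilities, and that the systemd-shipped default lives under `/usr/lib/sysctl.d/` (path assumed; check your distribution).

```shell
#!/bin/sh
# Added example (not from the bug thread): find out why ping works, or
# does not, for a given unprivileged user on this host.

# Return 0 if GID falls inside a ping_group_range value, given as
# "LOW HIGH" (the kernel separates the two numbers with a tab).
# The kernel default "1 0" has LOW > HIGH, i.e. an empty range: nobody
# may open an ICMP datagram socket without cap_net_raw.
gid_in_ping_range() {
    gid=$1
    set -- $2          # split "LOW HIGH" on whitespace
    low=$1
    high=$2
    if [ "$low" -le "$high" ] && [ "$gid" -ge "$low" ] && [ "$gid" -le "$high" ]; then
        return 0
    fi
    return 1
}

# Classify how a ping binary gains raw-socket access.
# Prints one of: filecap, setuid, none
ping_privilege_source() {
    bin=$1
    if command -v getcap >/dev/null 2>&1 && getcap "$bin" 2>/dev/null | grep -q cap_net_raw; then
        echo filecap
    elif [ -u "$bin" ]; then
        echo setuid
    else
        echo none
    fi
}

# Live report for the current user. Reads the running sysctl value, not
# the sysctl.d files, so it reflects whatever systemd-sysctl (or an
# admin) actually applied at boot.
report_ping_access() {
    bin=${1:-/bin/ping}
    sysctl_file=/proc/sys/net/ipv4/ping_group_range
    if [ -r "$sysctl_file" ]; then
        range=$(cat "$sysctl_file")
        if gid_in_ping_range "$(id -g)" "$range"; then
            echo "sysctl: ping_group_range='$range' covers gid $(id -g); ICMP sockets allowed without cap_net_raw"
        else
            echo "sysctl: ping_group_range='$range' does not cover gid $(id -g)"
        fi
    else
        echo "sysctl: $sysctl_file not readable (not Linux, or /proc not mounted)"
    fi
    # Assumed location of the systemd default; adjust for your distribution.
    if grep -rs 'ping_group_range' /usr/lib/sysctl.d/ /etc/sysctl.d/ 2>/dev/null; then
        :
    else
        echo "sysctl.d: no ping_group_range entry found under /usr/lib/sysctl.d or /etc/sysctl.d"
    fi
    echo "binary: $bin grants raw sockets via: $(ping_privilege_source "$bin")"
}

# Run the report when executed directly, e.g. sh ./ping-check.sh /bin/ping
if [ "${0##*/}" = "ping-check.sh" ]; then
    report_ping_access "$1"
fi
```

If the report shows the sysctl range covering your gid and the binary still carrying `filecap` or `setuid`, that is exactly the overlap the reply above is asking about: once the systemd default is in place the file capability and setuid fallback are redundant, and dropping them from iputils is what removes the last privileged code path.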