On Tue, Dec 13, 2016 at 02:21:51AM +0100, Jeremie Courreges-Anglas wrote: > "Michael W. Lucas" <mwlu...@michaelwlucas.com> writes: > > > Hi, > > Hi, > > > Running the 12/12 snapshot, amd64. > > > > I'm setting up the looking glass CGI included with httpd. Requests for > > ping and traceroute fail. > > > > Per bgplg(8), I've set mode 4555 on the static binaries: > > > > ls -lai /var/www/bin/ > > total 1844 > > 77958 drwxr-xr-x 2 root daemon 512 Dec 11 17:47 . > > 77956 drwxr-xr-x 15 root daemon 512 Dec 12 15:35 .. > > 77959 -r-xr-xr-x 1 root bin 256240 Dec 8 12:09 bgpctl > > 77978 -rwxr-xr-x 1 root bin 273200 Dec 8 15:36 femail > > 77960 -r-sr-xr-x 2 root bin 318320 Dec 8 12:09 ping > > 77960 -r-sr-xr-x 2 root bin 318320 Dec 8 12:09 ping6 > > 77961 -r-sr-xr-x 2 root bin 281168 Dec 8 12:09 traceroute > > 77961 -r-sr-xr-x 2 root bin 281168 Dec 8 12:09 traceroute6 > > > > Ping and traceroute run fine as root. As an unprivileged user, though, > > I get: > > > > ./ping 8.8.8.8 > > ping: socket: Permission denied > > > > $ ./traceroute 8.8.8.8 > > traceroute: unable to revoke privs: Operation not permitted > > > > Any suggestions? Or have I found a bug? > > Is the partition that holds /var/www/bin mounted "nosuid"?
(Replying mostly for the archives.) Yes, /var is mounted nosuid. bgplg(8) has lovely detailed instructions on how to set it up, including setting the suid bit, but don't mention that detail. Thank you. ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
