Control: severity -1 minor

> 1) ping is working
> 2) start apt dist-upgrade
> 3) at some point new ping stops working with ping: socket: Operation not
> permitted
> for minutes.
> 4) apt dist-upgrade finishes
> 5) ping works again

The ping process requires the ability to open a raw network socket, which is a privileged operation. The ping binary contained within the package is completely unprivileged, so when it's initially installed it can only be executed by the root user or some other user that has retained the cap_net_raw capability. Later in the installation process, the package's post-install script tries to add the cap_net_raw file-based capability to the binary as that's the safest (least privileged) way to grant users the ability to run ping. If that fails, probably because the system is configured with some unusual filesystem that doesn't support file-based capabilities, then the script sets the suid bit on the binary, granting unprivileged users the ability to run ping with a slight reduction in the security posture.

I'm not sure of a practical way to avoid this situation. If .deb files could contain files with capabilities set on them, then this would likely improve the situation for most users, but I believe it's still the case that this isn't possible.

You can see the script in question at https://salsa.debian.org/debian/iputils/-/blob/master/debian/iputils-ping.postinst

noah
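
A check for the three states the message above describes (no privilege yet, cap_net_raw file capability, suid fallback), as an added example that is not part of the original message or of the iputils package. The function names, the default path /bin/ping and the sample inputs are assumptions made for illustration; it relies on `stat -c` and on `getcap` from libcap.

```shell
#!/bin/sh
# Added example: report how a ping binary gets its raw-socket privilege.

# classify MODE OWNER_UID GETCAP_OUTPUT
#   MODE           octal mode from `stat -c %a` (e.g. 755 or 4755)
#   OWNER_UID      numeric owner from `stat -c %u`
#   GETCAP_OUTPUT  text printed by `getcap FILE`, empty if no capabilities
classify() {
    mode=$1 uid=$2 caps=$3
    has_cap=no
    has_suid=no
    case "$caps" in
        *cap_net_raw*) has_cap=yes ;;
    esac
    # Setuid shows up as a four-digit mode whose first digit has the 4 bit set;
    # it only grants root's privileges when root owns the file.
    case "$mode" in
        [4567]???) if [ "$uid" = 0 ]; then has_suid=yes; fi ;;
    esac
    case "$has_cap/$has_suid" in
        yes/yes) echo "file-capability+setuid-root" ;;
        yes/no)  echo "file-capability" ;;
        no/yes)  echo "setuid-root" ;;
        *)       echo "none" ;;   # neither mechanism present, as between unpack and postinst
    esac
}

# inspect_ping [PATH]: gather the same facts from the live system.
inspect_ping() {
    bin=${1:-/bin/ping}
    [ -e "$bin" ] || { echo "missing"; return 1; }
    caps=""
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$bin" 2>/dev/null) || caps=""
    else
        echo "getcap not in PATH (often /sbin); capabilities not checked" >&2
    fi
    # -L reads the target when the path itself is a symlink.
    classify "$(stat -L -c %a "$bin")" "$(stat -L -c %u "$bin")" "$caps"
}

# Constructed inputs, one per state described in the message:
classify 755  0 ""                            # -> none
classify 755  0 "/bin/ping cap_net_raw=ep"    # -> file-capability
classify 4755 0 ""                            # -> setuid-root
inspect_ping "${1:-/bin/ping}" || true        # this machine's actual state
```
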