I think it should be up to the user to decide whether to enable this by
setting the net.ipv4.ping_group_range sysctl.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1588917

Title:
  Upgrade ping to latest version that doesn't require SUID or NET_RAW
  capability

Status in iputils package in Ubuntu:
  Triaged

Bug description:
  The latest version of iputils have the option of using SOCK_DGRAM
  packets instead of SOCK_RAW, provided that the
  net.ipv4.ping_group_range sysctl is set to a different value.  This
  helps a lot with security in -not just- Linux containers by dropping
  support for the NET_RAW capability.

  Also, the ubuntu-minimal packages should not include this package as a
  hard dependency in case I want to uninstall iputils-ping to substitute
  it for another package like oping which just works if I turn off the
  setuid bit.

  This would help a lot with secure Linux containers with no NET_RAW
  capabilities.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1588917/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to