On Wed, Jun 08, 2016 at 02:44:52PM +0100, Ben Hutchings wrote:
> [...] see bug #770492.
Truly amazing! For "ping", it would be like this:
$ /sbin/getcap /bin/ping
/bin/ping = cap_net_raw+ep
$ chown root:root /bin/ping
chown: changing ownership of '/bin/ping': Operation not permitted
$
On Tue, 2016-06-07 at 14:56 -0800, Britton Kerin wrote:
> On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote:
> > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
> > > On my old debian system I could ping as a normal user. The ping
> > > binary had the suid bit
On Tue, Jun 07, 2016 at 02:56:11PM -0800, Britton Kerin wrote:
> On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote:
> > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
> >> On my old debian system I could ping as a normal user. The ping
> >> binary had the suid
On Tue, Jun 07, 2016 at 02:56:11PM -0800, Britton Kerin wrote:
> How, just by executing dpkg-reconfigure, did I tell it this is what
> I wanted? If that's the default, why wasn't it that way to begin with?
AFAIK, the tar file format, on which the .deb package format is based,
does not allow for
On Tue 07 Jun 2016 at 14:56:11 (-0800), Britton Kerin wrote:
> On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote:
> > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
> >> On my old debian system I could ping as a normal user. The ping
> >> binary had the suid
On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote:
> On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
>> On my old debian system I could ping as a normal user. The ping
>> binary had the suid bit set. Now I get:
>>
>> $ ping www.google.com
>> ping: icmp
Le decadi 20 prairial, an CCXXIV, Reco a écrit :
> Yes, and "aptitude search '~nping'" shows 41 result for me (42 actually
> if you count busybox).
> I'm somewhat lazy to test each and every implementation of ping to check
> which one fails in 'icmp open socket' instead of 'sendmsg'.
>
> So, my
On Mon, Jun 06, 2016 at 11:29:52AM -0500, David Wright wrote:
> On Mon 06 Jun 2016 at 19:26:04 (+0300), Reco wrote:
> > On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote:
> > > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote:
> > > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago
Dnia 2016-06-06, pon o godzinie 14:04 -0500, David Wright pisze:
> On Mon 06 Jun 2016 at 19:50:55 (+0200), Norbert Kiszka wrote:
> > 1. Did You tried another kernel? If not, maybe try from backports for first.
> >
> > 2. iptable_filter 12488 0
> > > ip_tables 16975 1
On Mon 06 Jun 2016 at 19:50:55 (+0200), Norbert Kiszka wrote:
> 1. Did You tried another kernel? If not, maybe try from backports for first.
>
> 2. iptable_filter 12488 0
> > ip_tables 16975 1 iptable_filter
>
> Little suspicious for me. What needs this modules when you
Dnia 2016-06-06, pon o godzinie 12:00 -0500, David Wright pisze:
> On Mon 06 Jun 2016 at 18:38:55 (+0200), Norbert Kiszka wrote:
> > Dnia 2016-06-06, pon o godzinie 11:26 -0500, David Wright pisze:
> > > On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote:
> > > > Dnia 2016-06-06, pon o
On Mon 06 Jun 2016 at 18:38:55 (+0200), Norbert Kiszka wrote:
> Dnia 2016-06-06, pon o godzinie 11:26 -0500, David Wright pisze:
> > On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote:
> > > Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze:
> > > > On Mon 06 Jun 2016 at
Dnia 2016-06-06, pon o godzinie 11:26 -0500, David Wright pisze:
> On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote:
> > Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze:
> > > On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote:
> > > > On Mon, 6 Jun 2016 at
On Mon 06 Jun 2016 at 19:26:04 (+0300), Reco wrote:
> On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote:
> > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote:
> > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan
On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote:
> Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze:
> > On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote:
> > > On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote:
> > >
> > > > On Mon, Jun 06,
On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote:
> On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote:
> > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > > Check your firewall rules.
> > >
> > >
On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote:
> On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > Check your firewall rules.
> >
> > It can't be firewall rules. Try this to block outgoing ping:
> >
> >
Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze:
> On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote:
> > On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote:
> >
> > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > > Check your
On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote:
> On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote:
>
> > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > Check your firewall rules.
> >
> > It can't be firewall rules. Try this to block outgoing
On Mon, Jun 06, 2016 at 03:27:16PM +, Mark Fletcher wrote:
> you definitely can get this very error due to something to do with
> the firewall,
Well, you can get this very error if you follow the steps I explained here:
Hi.
On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > Check your firewall rules.
>
> It can't be firewall rules. Try this to block outgoing ping:
>
> iptables -A OUTPUT -p icmp --icmp-type echo-request -j
On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote:
> On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > Check your firewall rules.
>
> It can't be firewall rules. Try this to block outgoing ping:
>
> iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
>
>
On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> Check your firewall rules.
It can't be firewall rules. Try this to block outgoing ping:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
then try to ping anywhere. You will get a different error message,
namely
Dnia 2016-06-06, pon o godzinie 10:06 +1200, Jan Bakuwel pisze:
> Hi Britton,
>
> On 03/06/16 09:56, Britton Kerin wrote:
> > On my old debian system I could ping as a normal user. The ping
> > binary had the suid bit set. Now I get:
> >
> > $ ping www.google.com
> > ping: icmp open
Hi Britton,
On 03/06/16 09:56, Britton Kerin wrote:
> On my old debian system I could ping as a normal user. The ping
> binary had the suid bit set. Now I get:
>
> $ ping www.google.com
> ping: icmp open socket: Operation not permitted
> 2 $
>
> presumably because the bit isn't set.
On Fri, 3 Jun 2016 at 06:56, Britton Kerin wrote:
> On my old debian system I could ping as a normal user. The ping
> binary had the suid bit set. Now I get:
>
> $ ping www.google.com
> ping: icmp open socket: Operation not permitted
> 2 $
>
> presumably
On Thu, Jun 02, 2016 at 11:28:40PM +0100, Lisi Reisz wrote:
> So far as I can see, ping IS executable by normal users. But then I have
> only
> got Wheezy and Jessie. Are you using Stretch or Sid??
This is not really new in stretch. You can experiment this funny
effect in jessie as well. Try
On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
> On my old debian system I could ping as a normal user. The ping
> binary had the suid bit set. Now I get:
>
> $ ping www.google.com
> ping: icmp open socket: Operation not permitted
> 2 $
>
> presumably because the
On Thursday 02 June 2016 22:56:08 Britton Kerin wrote:
> On my old debian system I could ping as a normal user. The ping
> binary had the suid bit set. Now I get:
>
> $ ping www.google.com
> ping: icmp open socket: Operation not permitted
> 2 $
>
> presumably because the bit isn't
On my old debian system I could ping as a normal user. The ping
binary had the suid bit set. Now I get:
$ ping www.google.com
ping: icmp open socket: Operation not permitted
2 $
presumably because the bit isn't set.
What's the right fix? I could setuid it but then if I understand
30 matches
Mail list logo