Package: iputils-ping Version: 3:20211215-1 Severity: important Dear Maintainer,
ping in Debian uses capabilities: $ getcap /usr/bin/ping /usr/bin/ping cap_net_raw=ep # NOTE: cap_net_raw+p would be enough This is required for normal user to be able to open RAW socket. IMHO more secure is to allow users to use ICMP socket. All what is required is to set net.ipv4.ping_group_range: sysctl net.ipv4.ping_group_range="0 2147483647" Not sure how adding sysctl config in /etc/sysctl.d/ for package works in Debian. Kind regards, Petr
