[Desktop-packages] [Bug 1588917] Re: Upgrade ping to latest version that doesn't require SUID or NET_RAW capability

I think it should be up to the user to decide whether to enable this by setting the net.ipv4.ping_group_range sysctl. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to iputils in Ubuntu. https://bugs.launchpad.net/bugs/1588917 Title:

[Desktop-packages] [Bug 1588917] Re: Upgrade ping to latest version that doesn't require SUID or NET_RAW capability

I believe that section of the kernel code has had three user->ring0 vulnerabilities so far. It might be worth waiting a bit longer before enabling its use by default. Thanks -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to iputils in

[Desktop-packages] [Bug 1588917] Re: Upgrade ping to latest version that doesn't require SUID or NET_RAW capability

** Changed in: iputils (Ubuntu) Status: New => Triaged ** Changed in: iputils (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to iputils in Ubuntu.

[Desktop-packages] [Bug 1588917] Re: Upgrade ping to latest version that doesn't require SUID or NET_RAW capability

** Description changed: The latest version of iputils have the option of using SOCK_DGRAM packets instead of SOCK_RAW, provided that the net.ipv4.ping_group_range sysctl is set to a different value. This helps a lot with security in -not just- Linux containers by dropping support for the