Public bug reported:
The latest version of iputils have the option of using SOCK_DGRAM
packets instead of SOCK_RAW, provided that the net.ipv4.ping_group_range
sysctl is set to a different value. This helps a lot with security in
-not just- Linux containers by dropping support for the NET_RAW
capability.
Also, the ubuntu-minimal packages should not include this package as a
hard dependency in case I want to uninstall iputils-ping to substitute
it for another package like oping which just works if I turn off the
setuid bit.
** Affects: iputils (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1588917
Title:
Upgrade ping to latest version that doesn't require SUID or NET_RAW
capability
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1588917/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
