[03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set
Commit Message
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
lfs/iputils | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make ping tracepath
- cd $(DIR_APP) && install -m 4755 ping /usr/bin
+ cd $(DIR_APP) && install -m 0755 ping /usr/bin
cd $(DIR_APP) && install -m 0755 tracepath /usr/bin
+ # Allow execution of /usr/bin/ping by other users than "root"
+ setcap cap_net_raw+ep /usr/bin/ping
+
# Some scripts expect ping in /bin/ping.
ln -svf ../usr/bin/ping /bin/ping
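Review bot: The added `setcap cap_net_raw+ep /usr/bin/ping` stores the grant in the file's `security.capability` extended attribute, and nothing visible in this hunk shows that the later packaging or image step preserves xattrs. If that step drops them, ping ships as a plain 0755 binary and presumably fails for non-root users, because the SUID bit is gone. Confirm that path (not shown here) and verify the result in the recipe, e.g. `getcap /usr/bin/ping | grep -q cap_net_raw`. The new comment is also imprecise, since mode 0755 already lets any user execute ping; `# ping needs CAP_NET_RAW for its ICMP socket; grant it as a file capability instead of SUID root` states the actual reason. The recipe starts before this hunk and continues past it.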