Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

ping/traceroute setuid programs

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users ping/traceroute setuid programs
# 1  
Old 08-08-2006
ping/traceroute setuid programs
This may be a dumb question, but I've been wondering why programs such as ping and traceroute must be setuid? Are there some restrictions which prevent normal users from accessing the world via sockets?

Code:
$ pwd
/bin
$ ls -l ping traceroute
-rwsr-xr-x  1 root root 35616 Apr  7  2005 ping
-rwsr-xr-x  1 root root 24004 Mar  4  2005 traceroute

I tried using the 'search' function on the UNIX forums, but it seems to be broken right now.

Thanks,
Nathan
Last edited by nathan; 08-08-2006 at 02:36 AM..
# 2  
Old 08-08-2006
There are restrictions on some options of sockets and net interfaces (for instance, to set interface in promiscuous mode).
Only processes with effective uid 0 or the CAP_NET_RAW capability may open raw sockets (i.e. socket(PF_INET, SOCK_RAW, ...)).
ping/traceroute uses ICMP (on top of IP) protocol, thus I think they must use raw sockets, so you need special privilages.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

2. Programming

Ping test sends mail when ping fails

help with bash script! im am working on this script to make sure my server will stay online, so i made this script.. HOSTS="192.168.138.155" COUNT=4 pingtest(){ for myhost in "$@" do ping -c "$COUNT" "$myhost" &&return 1 done return 0 } if pingtest $HOSTS #100% failed... (4 Replies)
Discussion started by: mort3924
4 Replies

3. UNIX for Dummies Questions & Answers

Difference between inbuilt suid programs and user defined root suid programs under bash shell?

Hey guys, Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries. However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies

4. Solaris

Solaris 9 - Unable to ping a particular server, traceroute also displays * * *

Hi All, I am new to solaris environment and we are using Solaris 9 The problem is am unable to ping a particular server from from one of the solaris server The traceroute also shows only * * * for all the 30 hops I tried to check all the settings like 1) /etc/hosts -> contains the... (17 Replies)
Discussion started by: Sanjay255
17 Replies

5. UNIX for Dummies Questions & Answers

Restricting Usage of Setuid Programs to the Admin User In MacOsx

This is a quote from the Apple security configuration (you can download it from Apple) " Using ACLs to Restrict Usage of Setuid Programs The ACL feature of Mac OS X can also be used to restrict the execution of setuid programs. Restricting the execution of setuid programs to administrators... (3 Replies)
Discussion started by: Vera
3 Replies

6. Shell Programming and Scripting

Animation Ping on Solaris Like Cisco Ping

Hi, I develop simple animation ping script on Solaris Platform. It is like Cisco ping. Examples and source code are below. bash-3.00$ gokcell 152.155.180.8 30 Sending 30 Ping Packets to 152.155.180.8 !!!!!!!!!!!!!.!!!!!!!!!!!!!!!. % 93.33 success... % 6.66 packet loss...... (1 Reply)
Discussion started by: gokcell
1 Replies

7. Solaris

able to ping all hosts but not able to traceroute any host

i am using solaris 10 and i am able to ping all the hosts but i am not able to traceroute any of them. how to fix this? (9 Replies)
Discussion started by: chidori
9 Replies

8. UNIX for Dummies Questions & Answers

help in PING and traceroute command

i cannot find a usefull ping and traceroute command from TCP to another TCP server with port. I usually do only traceroute IP and ping IP..is that enough? I wanted to check its connectivity to an IP address with port.. example: from ip 1.1.1.1 (TCP port 1234) destination 2.2.2.2 (TCP... (1 Reply)
Discussion started by: lhareigh890
1 Replies

9. UNIX for Dummies Questions & Answers

ping,telnet, traceroute

can you provide the command in solaris8 if I wanted to ping,telnet, traceroute an IP address with a port? thanks (1 Reply)
Discussion started by: lhareigh890
1 Replies

10. UNIX for Dummies Questions & Answers

Are programs like sys_open( ) ,sys_read( ) et al examples of system level programs ?

Are the programs written on schedulers ,thread library , process management, memory management, et al called systems programs ? How are they different from the programs that implement functions like open() , printf() , scanf() , read() .. they have a prefix sys_open, sys_close, sys_read etc , right... (1 Reply)
Discussion started by: vishwamitra
1 Replies
Login or Register to Ask a Question