[Toybox] banging on ping
enh
enh at google.com
Mon Jul 17 07:55:47 PDT 2017
On Mon, Jul 17, 2017 at 3:33 AM, Rob Landley <rob at landley.net> wrote:
> Over the weekend I started looking at ping.c again thinking "this seems
> really easy, why haven't I already done it". And I figured out why (I
> wanted the code to autodetect ipv4 or ipv6 without you having to
> specify, but you could go "ping -I lo 127.0.0.1" and it could see ::1 as
> the first address of lo so you have to defer the decision of which type
> to use while detecting, AND I still wanted -4 and -6 to work to force
> the decision meaning it fails if source or dest can't do that, except
> supplying source address is optional.)
>
> So I finally untangled all that crap, and then I started in on the next
> thing I wanted it to do, use the "unprivileged ping sockets" stuff Linux
> merged back in 2011:
>
> https://lwn.net/Articles/422330/
>
> It's almost been 7 years, no need to support the old "needs root" stuff
> if this should be ubiquitously deployed.
>
> Yes that description's wrong, there's no such thing as PROT_ICMP, they
> mean IPPROTO_ICMP but good luck finding example code using that because
> nobody uses it. Why does nobody use it? Because the API is stupidly
> disabled for no apparent reason.
Android uses it all over the place. i even made it available to Java.
in particular, external/iputils' ping/ping6 uses it.
>> socket(2) is restricted to the group range specified in
>> "/proc/sys/net/ipv4/ping_group_range". It is "1 0" by default, meaning
>> that nobody (not even root) may create ping sockets. Setting it to "100
>> 100" would grant permissions to the single group (to either make
>> /sbin/ping g+s and owned by this group or to grant permissions to the
>> "netadmins" group), "0 4294967295" would enable it for the world, "100
>> 4294967295" would enable it for the users, but not daemons.
>
> This is why I was getting permission denied trying to test my code. If I
> "sudo /bin/bash" and then "echo 0 65535 >
> /proc/sys/net/ipv4/ping_group_range" my test code suddenly works.
>
> Question 1: WHY THE HELL DID THEY DISABLE THIS? Normal users have been
> able to ping from Linux forever (and still can), it just requires an
> suid binary to do it. Why does the API to _remove_ this restriction have
> this pointless safety catch REQUIRING ROOT TO ENABLE THE NON-ROOT API?
>
> Question 2: Why not make the default so root can use this, so ping
> implementations could switch over to the new API even if they still
> require the suid bit to work during the transition period?
>
> Question 3: Groups? Does anybody use groups post-y2k? UIDs, sure, but we
> haven't been sharing these machines since the minicomputer days, what's
> the point of making this depend on GID?
>
> Question 4: It's under ipv4 but not under ipv6, but it works for ipv6 too?
>
> Sigh. Anybody want to talk to the kernel guys to point a flamethrower at
> this nonsense? I'm kinda burnt out dealing with them after
> http://lkml.iu.edu/hypermail/linux/kernel/1705.2/06366.html (which dates
> back to http://lkml.iu.edu/hypermail/linux/kernel/1606.2/05742.html and
> so on; I made a follow-up patch to check for that specific situation and
> printk("Triggering workaround for obvious Debian bug.") but haven't got
> the energy for a fourth go at dealing with those guys just yet.)
>
> Sigh. I can implement a ping requiring suid, but... ouch? They MADE an
> api not to need this, and then crippled that API for no apparent reason.
> (If you wanna ping flood somebody you can do it with UDP?)
>
> Lemme check in what I've done, anyway... Ok, there.
>
> Rob
--
Elliott Hughes - http://who/enh - http://jessies.org/~enh/
Android native code/tools questions? Mail me/drop by/add me as a reviewer.
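
An added example, not part of the original message or of toybox's ping.c: C code that applies the quoted ping_group_range semantics to a GID and then requests the unprivileged ICMP datagram socket discussed above. The function names are hypothetical, and checking only the effective GID in main() is a simplification.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse "low high" as written in ping_group_range. Returns 1 if gid is in
 * the inclusive range, 0 if not (including the empty "1 0" default),
 * -1 if the text is malformed. */
int gid_in_ping_range(const char *text, unsigned long long gid)
{
  unsigned long long low, high;

  if (sscanf(text, "%llu %llu", &low, &high) != 2) return -1;
  if (low > high) return 0;  /* empty range: nobody may create ping sockets */
  return gid >= low && gid <= high;
}

/* Ask for a datagram ICMP socket, the kind that needs no root or suid bit.
 * Returns the fd, or -1 with errno set (EACCES when the range excludes us). */
int open_ping_socket(int family)
{
  return socket(family, SOCK_DGRAM,
                family == AF_INET6 ? IPPROTO_ICMPV6 : IPPROTO_ICMP);
}

int main(void)
{
  char buf[64] = "";
  FILE *fp = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
  int fd;

  if (fp) {
    if (!fgets(buf, sizeof(buf), fp)) buf[0] = 0;
    fclose(fp);
  }
  /* Simplification: only the effective GID is compared against the range. */
  printf("range \"%.*s\": egid %u %s\n", (int)strcspn(buf, "\n"), buf,
         (unsigned)getegid(),
         gid_in_ping_range(buf, getegid()) == 1 ? "allowed" : "not allowed");

  fd = open_ping_socket(AF_INET);
  if (fd < 0) printf("socket: %s\n", strerror(errno));
  else { printf("ping socket ok\n"); close(fd); }
  return 0;
}
```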