From: Clemens Gruber <clemens.gruber@pqgruber.com>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v2] iputils: update s20121221 -> s20161105
Date: Sat, 28 Jan 2017 17:15:16 +0100 [thread overview]
Message-ID: <20170128161515.GA14861@archie.localdomain> (raw)
In-Reply-To: <45b4393f-ad9d-15d8-03a3-283b56a87e0a@pengutronix.de>
Hi,
On Thu, Jan 26, 2017 at 11:47:11AM +0100, Marc Kleine-Budde wrote:
> On 01/26/2017 11:40 AM, Michael Olbrich wrote:
> > On Wed, Jan 25, 2017 at 07:41:42AM +0100, Uwe Kleine-König wrote:
> >> On Wed, Jan 25, 2017 at 12:13:59AM +0100, Clemens Gruber wrote:
> >>> The current version of iputils ping can handle IPv4 and IPv6 but
> >>> requires a crypto library dependency for ICMPv6 NI queries.
> >>> Add all possible choices: libgcrypt, nettle, openssl or none
> >>>
> >>> tracepath works with IPv4 as well as IPv6 and it does not have to run as
> >>> root.
> >>> traceroute6 only works with IPv6 and requires superuser privileges.
> >>
> >> on Debian traceroute6.iputils isn't setuid root and works for me. It has
> >> caps set however:
> >>
> >> $ ls -l /usr/bin/traceroute6.iputils
> >> -rwxr-xr-x 1 root root 18936 Nov 10 07:23 /usr/bin/traceroute6.iputils
> >>
> >> $ /sbin/getcap /usr/bin/traceroute6.iputils
> >> /usr/bin/traceroute6.iputils = cap_net_raw+ep
> >>
> >> Would that work here, too?
> >
> > In theory yes, but I think our image generation tools cannot handle this.
>
> mk2fs from e2fsprogs can generate images with extended attributed. I
> used it to build imagea with ima/evm attributes.
OK, but we should probably do this in a separate patch and maybe not
only for traceroute6 but for all binaries for which ptxdist currently sets
the setuid bit?
(ping in inetutils, mtr, pppd, gst-ptp-helper in gstreamer1, ..)
Thanks,
Clemens
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
next prev parent reply other threads:[~2017-01-28 16:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-24 23:13 Clemens Gruber
2017-01-25 6:41 ` Uwe Kleine-König
2017-01-26 10:40 ` Michael Olbrich
2017-01-26 10:47 ` Marc Kleine-Budde
2017-01-28 16:15 ` Clemens Gruber [this message]
2017-03-10 9:45 ` Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170128161515.GA14861@archie.localdomain \
--to=clemens.gruber@pqgruber.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox