Why ping setuid

Super User is a question and answer site for computer enthusiasts and power users. It only takes a minute to sign up. Connect and share knowledge within a single location that is structured and easy to search. In the Jessie version for the Raspberry Pi, ping requires the setuid bit to be set. What is the rationale for this? This however needs both the kernel and the filesystem to support extended attributes xattrs , and some "minimal" systems disable those.

The ping command hasn't been updated for it yet though. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Setuid and setgid can be very useful, but due to security concerns, both have been restricted on most modern operating systems including Linux.

On a multi-user system, as most Linux systems are, there will be times when access to certain files should be restricted. Often, shell scripts may have passwords in them or there may be documents or directories that other users should not see. The best way to secure these files and directories while still maintaining access to them is to use the chmod commandto remove all permissions from group and other users. This modification assures that this file cannot be viewed, modified or executed by any other user on the system.

Assuming others do not have the specific username and password, this makes it safe to keep secure data like passwords on the system. This is necessary for some scripts that require passwords. To offer more flexibility, Linux offers access control lists, also referred to as ACLs. ACLs offer the ability to name, individually, a user or group and grant them specific access to a given file.

The ACL entry is typically made up of the word user or group indicating what permissions should be added for, the name of the user or group and the permissions they should be granted on this file. The example above shows a typical ACL setting.

Permissions for multiple users or groups can be added through ACLs. Permissions for a given user or group can be replaced using the -m option in the same way they were added. When you want to remove a user or group from the ACL list, the -x option is used with setfacl. Since all permissions added through the ACL will be removed, there is no need to specify r, w or x. Sticky Bits, Setuid and Setgid. Linux has three additional special permissions to the basic permissions described before:.

The table below gives explanations and examples for each special permission:. For example, if the file is owned by user root and group wheel , it will run as root:wheel no matter who executes the file. Most implementations of the chmod command also support finer-grained, symbolic arguments to set these bits.

The setuid and setgid flags, when set on a directory, have an entirely different meaning. Newly created subdirectories inherit the setgid bit. Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories.

Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:. In FreeBSD, directories behave as if their setgid bit was always set, regardless of its actual value.

As is stated in open 2 , "When a new file is created it is given the group of the directory which contains it. Programs that use this bit must be carefully designed and implemented to be immune to security vulnerabilities including buffer overruns and path injection.

Successful buffer overrun attacks on vulnerable applications allow the attacker to execute arbitrary code under the rights of the process being exploited. In the event a vulnerable process uses the setuid bit to run as root , the code will be executed with root privileges, in effect giving the attacker root access to the system on which the vulnerable process is running. The setuid bit was invented by Dennis Ritchie. The patent was later placed in the public domain.