~alpine/devel

4 3

[alpine-devel] ping: ping is not a valid applet

Alba Pompeo
Details
Message ID
<CAJDAfTC+HpKvX0rfeyxCNYS1rYx-ThiP6FKCcADZS_YxjqBUeQ@mail.gmail.com>
Sender timestamp
1462725377
DKIM signature
missing
Download raw message
I'm on edge and receive this message when trying to ping an IP.
ping: ping is not a valid applet
Is there a fix?
Thanks.
Ciao.


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Isaac Dunham
Details
Message ID
<20160508200757.GA10522@newbook>
In-Reply-To
<CAJDAfTC+HpKvX0rfeyxCNYS1rYx-ThiP6FKCcADZS_YxjqBUeQ@mail.gmail.com> (view parent)
Sender timestamp
1462738078
DKIM signature
missing
Download raw message
On Sun, May 08, 2016 at 01:36:17PM -0300, Alba Pompeo wrote:
> I'm on edge and receive this message when trying to ping an IP.
> ping: ping is not a valid applet
> Is there a fix?
> Thanks.
> Ciao.

This is an issue I mentioned previously, where bbsuid no longer recognizes
ping as a valid command, but the symlink has not been updated to point to
busybox.

Workaround:
rm -f /bin/ping && /bin/busybox --install -s

Fix:
See attached patch.

The sysctl settings shown are disabled/netdev (gid=28) only/everyone.

HTH,
Isaac Dunham
Isaac Dunham
Details
Message ID
<20160508214231.GA10993@newbook>
In-Reply-To
<CADq4isS-RH=38=cZ_wWMuJ8vF8WZ1MuqLZ7gJJKoogtLY5W2rA@mail.gmail.com> (view parent)
Sender timestamp
1462743752
DKIM signature
missing
Download raw message
On Sun, May 08, 2016 at 08:58:06PM +0000, Christian Kampka wrote:
> You should be able to use ping as a non-root user by setting
> the ping_group_range in sys/net/ipv4 to the appropriate group(s).
> See 'man 7 icmp' for details.

Some settings are also shown in the comment in the patch.

> Maybe we should figure out a sensible default we can supply with an
> alpine-base installation.

My initial suggestion (based on what I do locally) was to allow group
'netdev' alone to use ICMP_ECHO.
ncopa suggested adding a 'ping' group with gid=999, and allow 999+ to
use ping.
The one caveat here is that some daemons use groups nobody/nogroup
(gid=65533/65534), and it seems rather senseless for a daemon to *gain*
the ability to use ICMP_ECHO by dropping privileges if there does turn
out to be a vulnerability there; nobody:nogroup is supposed to indicate
that a daemon has no need for any extra privileges.
Similarly, 4294967294 is used as the anonymous unauthenticated user in
some NFS implementations, so permitting that might be undesireable.

For reference, on Debian, gids from 60,000 to 64,999 are reserved for
packages; if we were to parallel Debian's policy, a sensible default
would be 999-59999.



> Alba Pompeo <albapompeo@gmail.com> schrieb am So., 8. Mai 2016 um 22:31 Uhr:
> 
> > Nice workaround for now, thanks.
> > I hope in the future it works on non-root user accounts too.
> >
> > On Sun, May 8, 2016 at 5:07 PM, Isaac Dunham <ibid.ag@gmail.com> wrote:
> > > On Sun, May 08, 2016 at 01:36:17PM -0300, Alba Pompeo wrote:
> > >> I'm on edge and receive this message when trying to ping an IP.
> > >> ping: ping is not a valid applet
> > >> Is there a fix?
> > >> Thanks.
> > >> Ciao.
> > >
> > > This is an issue I mentioned previously, where bbsuid no longer
> > recognizes
> > > ping as a valid command, but the symlink has not been updated to point to
> > > busybox.
> > >
> > > Workaround:
> > > rm -f /bin/ping && /bin/busybox --install -s
> > >
> > > Fix:
> > > See attached patch.
> > >
> > > The sysctl settings shown are disabled/netdev (gid=28) only/everyone.
> > >
> > > HTH,
> > > Isaac Dunham
> >
> >
> > ---
> > Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> > Help:         alpine-devel+help@lists.alpinelinux.org
> > ---
> >
> >


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Alba Pompeo
Details
Message ID
<CAJDAfTD1YBn=OW_ZTE3kbVeofDY6FLEQUBG7V5WeBQziE4nLQg@mail.gmail.com>
In-Reply-To
<20160508200757.GA10522@newbook> (view parent)
Sender timestamp
1462739454
DKIM signature
missing
Download raw message
Nice workaround for now, thanks.
I hope in the future it works on non-root user accounts too.

On Sun, May 8, 2016 at 5:07 PM, Isaac Dunham <ibid.ag@gmail.com> wrote:
> On Sun, May 08, 2016 at 01:36:17PM -0300, Alba Pompeo wrote:
>> I'm on edge and receive this message when trying to ping an IP.
>> ping: ping is not a valid applet
>> Is there a fix?
>> Thanks.
>> Ciao.
>
> This is an issue I mentioned previously, where bbsuid no longer recognizes
> ping as a valid command, but the symlink has not been updated to point to
> busybox.
>
> Workaround:
> rm -f /bin/ping && /bin/busybox --install -s
>
> Fix:
> See attached patch.
>
> The sysctl settings shown are disabled/netdev (gid=28) only/everyone.
>
> HTH,
> Isaac Dunham


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Christian Kampka
Details
Message ID
<CADq4isS-RH=38=cZ_wWMuJ8vF8WZ1MuqLZ7gJJKoogtLY5W2rA@mail.gmail.com>
In-Reply-To
<CAJDAfTD1YBn=OW_ZTE3kbVeofDY6FLEQUBG7V5WeBQziE4nLQg@mail.gmail.com> (view parent)
Sender timestamp
1462741086
DKIM signature
missing
Download raw message
You should be able to use ping as a non-root user by setting
the ping_group_range in sys/net/ipv4 to the appropriate group(s).
See 'man 7 icmp' for details.

Maybe we should figure out a sensible default we can supply with an
alpine-base installation.

Alba Pompeo <albapompeo@gmail.com> schrieb am So., 8. Mai 2016 um 22:31 Uhr:

> Nice workaround for now, thanks.
> I hope in the future it works on non-root user accounts too.
>
> On Sun, May 8, 2016 at 5:07 PM, Isaac Dunham <ibid.ag@gmail.com> wrote:
> > On Sun, May 08, 2016 at 01:36:17PM -0300, Alba Pompeo wrote:
> >> I'm on edge and receive this message when trying to ping an IP.
> >> ping: ping is not a valid applet
> >> Is there a fix?
> >> Thanks.
> >> Ciao.
> >
> > This is an issue I mentioned previously, where bbsuid no longer
> recognizes
> > ping as a valid command, but the symlink has not been updated to point to
> > busybox.
> >
> > Workaround:
> > rm -f /bin/ping && /bin/busybox --install -s
> >
> > Fix:
> > See attached patch.
> >
> > The sysctl settings shown are disabled/netdev (gid=28) only/everyone.
> >
> > HTH,
> > Isaac Dunham
>
>
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
>
>