Using strace the permission to open the socket is denied as expected:
Code:
$ strace /bin/ping -c 1 www.google.it
execve("/bin/ping", ["/bin/ping", "-c", "1", "www.google.it"], [/* 17 vars */]) = 0
...
capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
capget({_LINUX_CAPABILITY_VERSION_3, 0}, {0, 0, 0}) = 0
capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
capset({_LINUX_CAPABILITY_VERSION_3, 0}, {0, 0, 0}) = 0
prctl(PR_SET_KEEPCAPS, 1) = 0
getuid() = 1001
setuid(1001) = 0
prctl(PR_SET_KEEPCAPS, 0) = 0
getuid() = 1001
geteuid() = 1001
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=106070960, ...}) = 0
mmap(NULL, 106070960, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7ea87cb000
close(3) = 0
capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
capget({_LINUX_CAPABILITY_VERSION_3, 0}, {0, 0, 0}) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) = -1 EACCES (Permission denied)
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
...
write(2, "ping: socket: Operation not perm"..., 38ping: socket: Operation not permitted
) = 38
but without tracing the system call the ping process gets the required privileges anyway
Code:
$ /bin/ping -c 1 www.google.it
PING www.google.it (172.217.18.35) 56(84) bytes of data.
64 bytes from mrs08s01-in-f3.1e100.net (172.217.18.35): icmp_seq=1 ttl=48 time=10.5 ms
--- www.google.it ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.553/10.553/10.553/0.000 ms
$ ls -l /bin/ping
-rwxr-xr-x. 1 root root 66176 Aug 4 2017 /bin/ping
I don't get why..
the executable isn't a suid/sgid binary
$ ls -l /bin/ping
-rwxr-xr-x. 1 root root 66176 Aug 4 2017 /bin/ping
and the user isn't in the wheel group
$ id
uid=1001(barney) gid=1001(barney) groups=1001(barney) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
wtf..
Bookmarks