Your message dated Tue, 22 Apr 2025 12:09:07 +0000
with message-id <e1u7cr1-007flo...@fasolo.debian.org>
and subject line Bug#1103864: fixed in iputils 3:20240905-3
has caused the Debian Bug report #1103864,
regarding iputils-clockdiff: missing CAP_NET_RAW
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1103864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103864
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: iputils-clockdiff
Version: 3:20240905-2
Severity: normal
Dear Maintainer,
Since 3:20240905-1, CAP_SYS_NICE is set on the clockdiff executable via
`setcap cap_net_raw+ep $PROGRAM && setcap cap_sys_nice+ep $PROGRAM` in
postinst. However, the latter overrides the former, making clockdiff
lose the capability to create SOCK_RAW sockets.

    $ clockdiff 127.0.0.1
    clockdiff: socket: Operation not permitted
    $ sudo getcap /usr/bin/clockdiff
    /usr/bin/clockdiff cap_sys_nice=ep

This can be easily fixed by setting two capabilities at once in
postinst:

    setcap 'cap_net_raw+ep cap_sys_nice+ep' $PROGRAM
Meanwhile, the NEWS entry of 3:20240905-2 said:
    [...] clockdiff are no longer installed with access to the CAP_NET_RAW
    linux capability, but instead use ICMP_PROTO datagram sockets for
    network communication. Access to these sockets is controlled by GID
    based on the net.ipv4.ping_group_range sysctl. [...] In normal
    installations, the linux-sysctl-defaults package [...] allowing
    unprivileged users to use these commands as expected.
This is not true. net.ipv4.ping_group_range has nothing to do with
clockdiff, which always creates SOCK_RAW sockets, making CAP_NET_RAW
mandatory for unprivileged users. Thus, the NEWS entry may also need to
be corrected.
Thanks,
Rong
--- End Message ---
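Added example (not part of the original report or of the iputils packaging): setcap replaces a file's whole capability set on every call, so a maintainer script can catch the regression reported above by checking getcap output against the capabilities it meant to grant. The function name missing_caps is hypothetical; the sample lines are the getcap output from the report plus constructed variants, and paths containing spaces are assumed not to occur.

```sh
#!/bin/sh
# Added example: list required capabilities that one line of getcap output
# does not grant as both effective (e) and permitted (p).
# usage: missing_caps "<getcap line>" cap_a cap_b ...
# Prints the missing names separated by spaces; returns 0 only if none are missing.
missing_caps() {
    line=$1; shift
    # Drop the path. Older libcap prints "path = caps", newer prints "path caps".
    caps=${line#* }
    if [ "$caps" = "$line" ]; then
        caps=""                      # no space: the file has no capabilities
    fi
    caps=${caps#= }
    missing=""
    for want in "$@"; do
        found=no
        for clause in $caps; do
            # A clause is "name[,name...]" followed by an operator and flags,
            # for example "cap_net_raw,cap_sys_nice=ep" or "cap_net_raw+ep".
            names=${clause%%[=+]*}
            flags=${clause#"$names"}
            case $flags in *e*) ;; *) continue ;; esac
            case $flags in *p*) ;; *) continue ;; esac
            case ",$names," in *",$want,"*) found=yes ;; esac
        done
        [ "$found" = yes ] || missing="$missing${missing:+ }$want"
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# State left behind by the two chained setcap calls (output quoted in the report):
missing_caps "/usr/bin/clockdiff cap_sys_nice=ep" cap_net_raw cap_sys_nice || true
# Constructed line for the state after the single combined setcap call:
missing_caps "/usr/bin/clockdiff cap_net_raw,cap_sys_nice=ep" cap_net_raw cap_sys_nice || true
```

In a postinst this would be called as missing_caps "$(getcap "$PROGRAM")" cap_net_raw cap_sys_nice right after the setcap step.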
--- Begin Message ---
Source: iputils
Source-Version: 3:20240905-3
Done: Noah Meyerhans <no...@debian.org>
We believe that the bug you reported is fixed in the latest version of
iputils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Noah Meyerhans <no...@debian.org> (supplier of updated iputils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Tue, 22 Apr 2025 07:36:44 -0400
Source: iputils
Architecture: source
Version: 3:20240905-3
Distribution: unstable
Urgency: medium
Maintainer: Noah Meyerhans <no...@debian.org>
Changed-By: Noah Meyerhans <no...@debian.org>
Closes: 1103864
Changes:
iputils (3:20240905-3) unstable; urgency=medium
.
* clockdiff: Fix setcap invocation (Closes: #1103864)
* Update NEWS entry for ICMP_PROTO datagram socket use
--- End Message ---