On Fri, Dec 13, 2024 at 08:53:09PM +0100, Andre Klärner wrote: > it would be nice if the change from this bug would be mentioned in > NEWS.Debian.
Agreed, this should happen. It also needs to be mentioned in release notes for Debian 13. Here's an initial proposal for NEWS text, let me know if it makes sense: iputils-ping is no longer installed with built-in privilege escalation via Linux capabilities(7). Instead, it relies on kernel runtime configuration supplied by the linux-sysctl-defaults package, which is installed by default. If you are not installing linux-sysctl-defaults package, you may wish to consider setting the net.ipv4.ping_group_range sysctl variable to grant the ability to run ping to non-root users based on group membership. Executing /sbin/sysctl -w net.ipv4.ping_group_range="0 2147483647" or adding the following line to a new file /etc/sysctl.d/ping.conf file will grant the ability to all unprivileged groups: net.ipv4.ping_group_range="0 2147483647"
