On Mon, Aug 22, 2005 at 12:03:49PM -0400, Jason Gurtz wrote: > On 8/21/2005 10:54, Matthew Burgess wrote: > > > ping.c:63 - "This program has to run SUID to ROOT to access the ICMP > > socket." > > That's crazy. Normal pings shouldn't require root.
IIRC, the standard kernel socket interface simply has no way to send any kind of ICMP packet (echo-request included). Therefore, you need to open a raw socket, and write the headers yourself. To create a socket using PF_PACKET and SOCKTYPE_RAW (which I believe is the only way to send ICMP), you must be root. The socket() call will fail if you aren't root, and you pass those flags. It may be possible to use PF_PACKET and SOCKTYPE_DGRAM, but I don't know for sure. (That may require the caller to be root also). This isn't a requirement of the ping program. It's a requirement of the kernel.
pgpYCoofaR5bz.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
