Comments (7)
sunwire
commented on July 25, 2024
1
By the way, your article on Fedora only mentions the
pingand not thetraceroutebinary.
Yes you are right, but I meant neither ping nor traceroute need suid or cap.
Fedora uses this implementation of tracerout. Citation from the web page:
Note, that this implementation is intended for Linux only. It utilizes some currently Linux-specific features (including MSG_ERRQUEUE for recvmsg(2)), which allow such things like the use by unprivileged users (without setuid bit) for some type of tracerouting. The Linux kernel 2.6 or higher required.
from icmplib.
ValentinBELYN
commented on July 25, 2024
Hi @tieugene! Thank you for this suggestion.
I was already aware of this behavior during my tests when I was implementing the mechanism to run certain functions without root privileges.
However, I try to make sure to offer developers only functions that are compatible with at least two operating systems including Linux (which is mainly used with this library).
So yes indeed, it works on Linux but you only get the last hop. It is therefore more of a ping, although much less efficient than the function dedicated to this purpose. This is why, even if under macOS it works, I did not retain this possibility.
Thank you anyway for your involvement!
from icmplib.
tieugene
commented on July 25, 2024
So yes indeed, it works on Linux but you only get the last hop. It is therefore more of a ping, although much less efficient than the function dedicated to this purpose. This is why, even if under macOS it works, I did not retain this possibility.
Nevertheless traceroute/tracert utility works ok in any desktop OS without root privileges.
from icmplib.
ValentinBELYN
commented on July 25, 2024
Nevertheless traceroute/tracert utility works ok in any desktop OS without root privileges.
It's not completely true. In fact, the ping and traceroute programs run as root on all systems. They are installed with root as the owner and the setuid bit enabled, allowing non-root users to run them with root privileges. setcap can also be used for this purpose.
from icmplib.
sunwire
commented on July 25, 2024
It's not completely true. In fact, the
pingandtracerouteprograms run as root on all systems. They are installed with root as the owner and thesetuidbit enabled, allowing non-root users to run them with root privileges.
It used to be like that, but not now.
ls -l /usr/bin/traceroute /usr/bin/ping
-rwxr-xr-x. 1 root root 95232 2021-07-25 /usr/bin/ping
-rwxr-xr-x. 1 root root 79056 2021-07-24 /usr/bin/traceroute
OS: Fedora more info
from icmplib.
ValentinBELYN
commented on July 25, 2024
It used to be like that, but not now.
Yes, that's why I added "setcap can also be used for this purpose." (file capabilities).
For the net.ipv4.ping_group_range parameter, icmplib already uses it for its ping function (when datagram sockets are used in non-privileged mode) : read more. The traceroute function requires raw sockets to receive ICMP Time Exceeded messages from gateways. Raw sockets require root privileges to run and the net.ipv4.ping_group_range parameter has no effect on this.
By the way, your article on Fedora only mentions the ping and not the traceroute binary.
from icmplib.
ValentinBELYN
commented on July 25, 2024
Hi @sunwire,
Thanks for these informations. It's very interesting. I'll try to see the implementation used and maybe use it for icmplib. If you have time, don't hesitate to make a PR. I will be happy to validate it!
from icmplib.
Related Issues (20)
- Enhancement: class Host to return a dict with it's data HOT 1
- The regular time.time() function does not work well in Windows, rtt = 0 HOT 2
- Can only receive the last hop using traceroute on Windows HOT 3
- The future of icmplib
- traceroute only provides last hop HOT 1
- samsung.com - Packetloss 100.0% HOT 1
- Add the ability to set the DF flag and get MTU size feedback from the ICMP protocol.
- Actual license is unclear: is it LGPLv3 or LGPLv3+? HOT 1
- Add reply payload retrieval and checking HOT 1
- The traceroute under ipv6 only displays the last hop HOT 3
- Whats the difference between icmpLib and the icmpLibv2(forked from IcmpLib) ? HOT 3
- Use predefined socket either SOCK_DGRAM / SOCK_RAW on every invocation of ping API HOT 1
- After upgrading to ubuntu 22.04 sysctl changes are needed again HOT 3
- Feature: auto-detect best "privileged" setting HOT 3
- Feature: unprivileged traceroute HOT 4
- Error on running very basic Ping command HOT 1
- Running traceroute only returns final hop HOT 1
- Make payload more flexible HOT 2
- Unnecessary last `sleep()` in `multiping()` HOT 2
- Feature: Async traceroute
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from icmplib.