Re: Report and tasks from the All-Russian Olympiad on the administration of Linux-systems

Published on November 29, 2013

    There was recently an interesting post on this subject. The first question of the first round baffled me. It was not so much the question as the organizers' correct answer. It turns out that ping runs as root. On my system this is not the case. I am sure that if you use a fairly modern system, your ping does not run as root either.

    The fact is that Linux has had, since the last millennium (!), such a thing as capabilities. So little is written in man capabilities that there is hardly anything to say: using the setcap command, you can give executable files the right to use different subsystems without root rights. In particular, for ping, CAP_NET_RAW alone is sufficient. There are lots of collections of tips on how to get rid of suid bits for various system programs.

    It is a pity that people who use modern systems and keep abreast of the development of Linux had no chance of passing even the first round of this Olympiad.

    Dinara Safina, the world number one, by the way, is also shocked.

    Happy Friday everyone!



    I didn’t read the rest of the questions; there are surely a lot of interesting things there too, so do not pass them by.

    For reference, a complete dossier on my ping:

    $ ls -l /usr/bin/ping
    -rwxr-xr-x 1 root root 40032 Aug 13 18:56 /usr/bin/ping
    $ getcap /usr/bin/ping
    /usr/bin/ping = cap_net_raw+ep

    And here is an ancient Slackware:

    $ ls -l /bin/ping
    -rws--x--x 1 root root 29364 2006-08-14 02:20 /bin/ping*
    $ getcap /bin/ping
    -bash: getcap: command not found
    $ uname -r # although the kernel there already supports this feature
    2.6.30.6
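
What getcap prints is stored in the file's security.capability extended attribute. The following Python code is an added example, not part of the original post: it decodes that attribute and classifies a binary the way the two listings above do. The function names and the sample bytes are constructed for illustration.

```python
import os
import stat
import struct

# Values from linux/capability.h; only a few capability names are listed.
CAP_NAMES = {10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw"}
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> number of 32-bit (permitted, inheritable) pairs in the xattr
REVISION_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Constructed sample: revision 2, effective flag set, permitted = CAP_NET_RAW.
SAMPLE_NET_RAW_EP = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)

def _names(mask):
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def decode_file_caps(xattr):
    """Decode a raw security.capability xattr (struct vfs_cap_data)."""
    if len(xattr) < 4:
        raise ValueError("truncated vfs_cap_data")
    (magic_etc,) = struct.unpack_from("<I", xattr, 0)
    pairs = REVISION_PAIRS.get(magic_etc & VFS_CAP_REVISION_MASK)
    if pairs is None or len(xattr) < 4 + 8 * pairs:
        raise ValueError("unknown or truncated vfs_cap_data")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", xattr, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": _names(permitted), "inheritable": _names(inheritable),
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)}

def classify(mode, uid, xattr=None):
    """Report how a binary such as ping obtains its privilege."""
    if mode & stat.S_ISUID and uid == 0:
        return "setuid-root"            # like the old /bin/ping listing
    caps = decode_file_caps(xattr) if xattr else None
    if caps and caps["permitted"]:      # inheritable set is not shown here
        return ",".join(caps["permitted"]) + ("+ep" if caps["effective"] else "+p")
    return "unprivileged"               # e.g. a ping that relies on ping sockets

def inspect(path):
    st = os.stat(path)
    try:
        xattr = os.getxattr(path, "security.capability")
    except OSError:                     # no xattr, or no xattr support
        xattr = None
    return classify(st.st_mode, st.st_uid, xattr)
```

On a Linux host, inspect("/usr/bin/ping") applies the same classification to the real file.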
    

    UPD: hipp and other users who are read-only on Habr and write to me on my site: I don’t know how to answer you :-) If you want me to answer you, leave something other than your Habr nickname, or just write me an e-mail. Thanks for the resonance.

    UPD: alizar hints to me that Dinara Safina ended her career in 2011. But (this is from me) she is still great! :-) And the 2.2 kernel was released in 1999, and many have not noticed so far.

    UPD (important): they write to me by e-mail that for years now, since 2010, Linux (the kernel) has had so-called ping sockets, implemented by our compatriot (Vasily Kulikov from Openwall). I looked into it; it turns out my man 7 icmp covers it, and there is even an interface for it exposed in /proc: /proc/sys/net/ipv4/icmp_*. If you are interested, you can start googling with the words "userspace ping utility".

    Thank you Sergey! Friday is not in vain!

    ps auxwww | grep ping | grep -v grep # so, how is it? does ping run as root on your system?