Operating System - HP-UX

Re: ping: socket: Not owner

 
SOLVED
Omar Alvi_1
Super Advisor

ping: socket: Not owner

Hi,

When using the ping command as any non-root user, the following error is seen:

ping: socket: Not owner

Thanks,

-Alvi
James R. Ferguson
Acclaimed Contributor
Solution

Re: ping: socket: Not owner

Hi Alvi:

Make sure the 'ping' executable is owned by 'root' with the setuid bit on:

-r-sr-xr-x 1 root bin 36864 May 28 2001 /usr/sbin/ping

Regards!

...JRF...
Steven E. Protter
Exalted Contributor

Re: ping: socket: Not owner

ping is a pretty powerful tool and should not be given for use to users other than root.

It was the ping command, from thousands of servers, that was used in denial of service attacks on eBay and Yahoo a few years ago.

Networking is the domain of the root user. The systems administrator is the only one that should need that tool.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Mark Greene_1
Honored Contributor

Re: ping: socket: Not owner

Steven,

Do you mean the "ping of death"?

http://www.insecure.org/sploits/ping-o-death.html

Is this still a problem? I would have expected every OS to have a patch for this by now.

mark
the future will be a lot like now, only later
Tal Drigov_2
Advisor

Re: ping: socket: Not owner

Hi Alvi,

Change the owner of the file /etc/ping from root to bin!

Cheers,
Tal.
If it's ain't broken, don't fix it...
Omar Alvi_1
Super Advisor

Re: ping: socket: Not owner

Hi,

Thanks JRF, permissions problem indeed.

About setuid the manpage for chmod says:

s Add or delete the set-owner-ID-on-file-execution or set-group-ID-on-file-execution permission for who. "Useful only if u or g is expressed or implied in who."

What does the line in "quotes" mean? What is who (the command?) and how do you imply u or g (obsolete number permissions?)

Is the effect of setting user id in fact like an "execute as root", or is it something else? Is setuid specific for root owned files?

What is the sticky bit?

Thanks for the help.
U.SivaKumar_2
Honored Contributor

Re: ping: socket: Not owner

Hi,

Case 1:
(Without sticky bit)
-r-xr-xr-x 1 root bin 36864 May 28 2001 /usr/sbin/ping

Who is the owner of the file? User root and group bin.

Executable permission is set for all.

But if I execute this file, viz. continuous ping, as a normal user, user A, then open one more terminal

#ps -ef | grep ping

then you can see the effective user id of the ping process running in CPU will be user A.

But that is the real problem. In Unix, to create sockets (UDP in our case - as ping uses ICMP - UDP) a process has to run as a privileged user. So with the above permission you will get an error.

Case 2:
(With sticky bit)

-r-sr-xr-x 1 root bin 36864 May 28 2001 /usr/sbin/ping

With sticky bit set, it means if any user executes the file, even though the user is not the owner of the file, the effective user of the running process will assume the user id of the owner of the file, viz. root in our case.

So now, after sticky bit set, the effective user of the running ping command will be the root. So the root is privileged to create the sockets now and will create the required UDP sockets to send ICMP echo requests to the destination IP address.

regards,
U.SivaKumar
Innovations are made when conventions are broken
Omar Alvi_1
Super Advisor

Re: ping: socket: Not owner

Thanks U. Siva,

That's cleared my sticky bit concepts.

Regards
-Alvi


James R. Ferguson
Acclaimed Contributor

Re: ping: socket: Not owner

Hi (again) Alvi:

The 'sticky' bit on an executable file causes the swap image of the program's text segments to be retained even when the last user's execution terminates. This results in a faster subsequent execution. When the sticky bit is set, a 't' appears thusly:

-r-xr-xr-t

The 'setuid' bit was the missing permission in your case. When set, the 'setuid' bit causes the process's effective uid to become that of the owner of the file. When the setuid bit is set, an 's' appears thusly:

-r-sr-xr-x

For more information, see the man pages for 'chmod(2)'.

Regards!

...JRF...
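
The 's' versus 't' distinction from the last reply, as an added example that is not code from any poster in this thread: a POSIX shell check that reads an `ls -l` line, reports which special mode bits it shows, and passes only when the setuid bit is effective and the owner is root, since setuid gives the process the file owner's uid. The function names `classify_ls_line` and `ping_mode_ok` are hypothetical, and the third sample listing is constructed.

```shell
#!/bin/sh
# Added example: decode the special mode bits in one `ls -l` line.

# classify_ls_line LINE -> prints e.g. "setuid owner=root" or "none owner=root"
classify_ls_line() {
    # Field 1 is the mode string, field 3 the owner.
    read -r mode links owner rest <<EOF
$1
EOF
    flags=""
    # Char 4 (owner execute): 's' = setuid, 'S' = setuid without execute.
    case $(printf '%s' "$mode" | cut -c4) in
        s) flags="$flags setuid" ;;
        S) flags="$flags setuid-noexec" ;;
    esac
    # Char 7 (group execute): same convention for setgid.
    case $(printf '%s' "$mode" | cut -c7) in
        s) flags="$flags setgid" ;;
        S) flags="$flags setgid-noexec" ;;
    esac
    # Char 10 (other execute): 't'/'T' is the sticky bit, not setuid.
    case $(printf '%s' "$mode" | cut -c10) in
        t) flags="$flags sticky" ;;
        T) flags="$flags sticky-noexec" ;;
    esac
    [ -n "$flags" ] || flags=" none"
    printf '%s owner=%s\n' "${flags# }" "$owner"
}

# ping_mode_ok LINE -> exit 0 only for an effective setuid bit on a root-owned file
ping_mode_ok() {
    case $(classify_ls_line "$1") in
        *setuid-noexec*) return 1 ;;
        setuid*owner=root) return 0 ;;
        *) return 1 ;;
    esac
}

# First two listings are quoted from the thread; the third is constructed.
for line in \
    "-r-sr-xr-x 1 root bin 36864 May 28 2001 /usr/sbin/ping" \
    "-r-xr-xr-x 1 root bin 36864 May 28 2001 /usr/sbin/ping" \
    "-r-xr-xr-t 1 root bin 36864 May 28 2001 /usr/sbin/ping"
do
    if ping_mode_ok "$line"; then verdict=ok; else verdict=FAIL; fi
    printf '%-5s %s\n' "$verdict" "$(classify_ls_line "$line")"
done
```

On a live system, pass the function the output of `ls -l /usr/sbin/ping` as a single quoted argument.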