[Buildroot] [PATCH 1/2 v7] package/iputils: drop setuid on arping
Petr Vorel
petr.vorel at gmail.com
Thu Aug 1 17:25:28 UTC 2019
Hi Yann,
> arping can be used for arp poisoning, so it should really not be setuid.
> Reported-by: Petr Vorel <petr.vorel at gmail.com>
> Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
Acked-by: Petr Vorel <petr.vorel at gmail.com>
+1
> ---
> package/iputils/iputils.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
> index b28222138f..7482bbdca1 100644
> --- a/package/iputils/iputils.mk
> +++ b/package/iputils/iputils.mk
> @@ -80,7 +80,7 @@ IPUTILS_POST_INSTALL_TARGET_HOOKS += IPUTILS_CREATE_PING6_SYMLINK
> # handle permissions ourselves
> IPUTILS_CONF_OPTS += -DNO_SETCAP_OR_SUID=true
> define IPUTILS_PERMISSIONS
> - /usr/sbin/arping f 4755 0 0 - - - - -
> + /usr/sbin/arping f 755 0 0 - - - - -
> /usr/bin/clockdiff f 4755 0 0 - - - - -
> /bin/ping f 4755 0 0 - - - - -
> /usr/bin/traceroute6 f 4755 0 0 - - - - -
Kind regards,
Petr
More information about the buildroot
mailing list