[Buildroot] [PATCH 1/2 v7] package/iputils: drop setuid on arping

Petr Vorel petr.vorel at gmail.com
Thu Aug 1 17:25:28 UTC 2019


Hi Yann,

> arping can be used for arp poisoning, so it should really not be setuid.

> Reported-by: Petr Vorel <petr.vorel at gmail.com>
> Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
Acked-by: Petr Vorel <petr.vorel at gmail.com>
+1
> ---
>  package/iputils/iputils.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

> diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
> index b28222138f..7482bbdca1 100644
> --- a/package/iputils/iputils.mk
> +++ b/package/iputils/iputils.mk
> @@ -80,7 +80,7 @@ IPUTILS_POST_INSTALL_TARGET_HOOKS += IPUTILS_CREATE_PING6_SYMLINK
>  # handle permissions ourselves
>  IPUTILS_CONF_OPTS += -DNO_SETCAP_OR_SUID=true
>  define IPUTILS_PERMISSIONS
> -	/usr/sbin/arping      f 4755 0 0 - - - - -
> +	/usr/sbin/arping      f  755 0 0 - - - - -
>  	/usr/bin/clockdiff    f 4755 0 0 - - - - -
>  	/bin/ping             f 4755 0 0 - - - - -
>  	/usr/bin/traceroute6  f 4755 0 0 - - - - -


Kind regards,
Petr


More information about the buildroot mailing list