
Re: Report and tasks from the All-Russian Olympiad on Linux-systems administration

Then an interesting note on the subject turned up. The first question of the first round stumped me. Not so much the question as the organizers' correct answer. It turns out that their ping runs as root. On my system, this is not the case. I am sure that if you use a sufficiently modern system, your ping does not run as root either.

The fact is that Linux has had such a thing as capabilities since the last millennium (!). So little is written in man capabilities that there is hardly anything to retell: with the setcap command you can grant executable files the right to use particular subsystems without root privileges. In particular, CAP_NET_RAW alone is sufficient for ping. There are plenty of collections of tips on how to get rid of suid bits on various system programs.

It is a pity that people who use modern systems and keep abreast of Linux development did not have a single chance of getting through even the first round of this Olympiad.
Dinara Safina, the world number one, by the way (photo from here), is also shocked.

Happy Friday everyone!



I did not read the remaining questions; surely there are many interesting things there too, so do not pass them by.

For reference, the complete dossier on my ping is:

 $ ls -l /usr/bin/ping
 -rwxr-xr-x 1 root root 40032 Aug 13 18:56 /usr/bin/ping
 $ getcap /usr/bin/ping
 /usr/bin/ping = cap_net_raw+ep

But on an ancient Slackware:

 $ ls -l /bin/ping
 -rws--x--x 1 root root 29364 2006-08-14 02:20 /bin/ping*
 $ getcap /bin/ping
 -bash: getcap: command not found
 $ uname -r # although the kernel already supports this feature there
 2.6.30.6
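
The comparison in the two listings above can be turned into a small audit helper. This is an added example, not part of the original post: it classifies a binary as setuid-root, file-capability based, or unprivileged from its ls -l mode, owner and getcap output. The function names classify and audit_file are made up for this example; the sample values are the ones shown in the listings.

```shell
#!/bin/sh
# Added example: how does a binary such as ping obtain raw-socket privilege?
# classify MODE OWNER CAPS
#   MODE  - permission string from `ls -l` (e.g. -rwsr-xr-x)
#   OWNER - file owner from `ls -l`
#   CAPS  - what getcap prints after the path (empty if nothing, or no getcap)
classify() {
    case "$1" in
        ???[sS]*)
            # setuid bit set: the process runs with the owner's uid
            if [ "$2" = root ]; then echo setuid-root; return 0; fi ;;
    esac
    case "$3" in
        # matches both "= cap_net_raw+ep" and the newer "cap_net_raw=ep" format
        *cap_net_raw*) echo file-caps ;;
        # neither: the binary needs another mechanism, e.g. kernel ping sockets
        *) echo unprivileged ;;
    esac
}

# audit_file PATH: collect the same facts from a real file and classify it.
audit_file() {
    path=$1
    line=$(ls -ld -- "$path") || return 1
    mode=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    caps=""
    # getcap may be missing, as on the old system in the second listing
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null)
        caps=${caps#"$path"}
    fi
    printf '%s: %s\n' "$path" "$(classify "$mode" "$owner" "$caps")"
}

# Values from the two listings on this page
classify -rwxr-xr-x root "= cap_net_raw+ep"
classify -rws--x--x root ""

# Audit any paths given on the command line, e.g. /usr/bin/ping
for f in "$@"; do audit_file "$f"; done
```
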

UPD: hipp and other users who are read-only on Habr and write to me on my site: I don't know how to answer you :-) If you want me to answer, leave something other than a Habr nickname, or just write to me by e-mail. Thanks for the response.

UPD: alizar hints to me that Dinara Safina ended her career in 2011. But (this is from me) she's still great! :-) And kernel 2.2 came out in 1999, and many have not noticed this until now.

UPD (important): I am told by e-mail that since 2010 the Linux kernel has had so-called ping sockets, implemented by our compatriot (Vasily Kulikov from Openwall). I looked: it turns out there is a man 7 icmp about it, and my /proc even exposes an interface for it, /proc/sys/net/ipv4/icmp_*. If you are interested, you can start googling with the words "userspace ping utility".

Thank you, Sergey! Friday was not lived in vain!

Source: https://habr.com/ru/post/204128/

