orf
FreeBSD: needs superuser ro run
gping 1.5.1 / FreeBSD
Running with a normal user, a blank window and error:
Error: receiving on a closed channel
Runs ok with superuser root.
@nunotexbsd I've tried to make ping failures (exits etc) more graceful. Can you give master a go and tell me what happens?
Open to suggestions on how to to make this more fluid.
1 - running with normal user, no screen, error:
There was an error running ping: exit status: 77
2 - su, quiting , q or ctrl-c after success ping:
ending!
3 - su, non resolved url:
Error: failed to lookup address information: Name does not resolve
Caused by:
Could not resolve hostname jhgjgjg.com
4 - su, host down: blank screen, no error, hangs
[2],[3] OK
Running with a normal user, a blank window and error:
Error: receiving on a closed channelRuns ok with superuser root.
That's the expected result. Sending ICMP packets required superuser privileges on Unix systems. The ping command has the setuid flag set, so it's always run on superuser level.
There are several option how gping could get around this issue.
- Use the
pingcommand and parse the output. - Do a UDP Ping instead of an ICMP Echo Request.
- Ask the user to
chownandsetuida precompiled gping binary.
Option 2 could be done transparently - if the script detects it can't use ICMP Echo Requests, it could try to fall back to UDP Pings.
@Klaws--,
Option 2 is temptive and avoid setuid.
Could you make that change so I and FreeBSD port maintainer @ehaupt could test?
Thanks
Running gping 1.16.1 as unprivileged user on FreeBSD 14.0-RELEASE amd64 I get:
$ gping www.google.com
There was an error running ping: exit status: 1
Stderr: ping: Operation not permitted: only root may use interval < 1s
However, the suggested workaround always worked for me:
$ gping --watch-interval 1 www.google.com
[runs as expected]
If it is desired to have the suid bit set I could add an option similar to the trippy port.
Additionally, it might be beneficial for gping to automatically adjust the ping interval to 1 second if it detects that the user does not have superuser privileges. This could enhance usability and avoid the need for manual workarounds in similar situations.
I never realised how stupidly and mind-numbingly complex running the “ping” command would be before I started this project.
Sure, I can add a default interval of 1s to freebsd builds if the user is not root. Why not. Why do I have to? Reasons. Why does it have a specific and different ping output than other OSs? More reasons. Why are the flags different? You guessed it, “reasons”.
If anyone fancies doing this then the fix is fairly simple, otherwise I’ll do it the next time I have some OSS time scheduled.
Does anyone know why the hell super user privileges are required to use an interval of less than 1s? I can’t find any rationale. If it’s because we’re timelocked to the 1980s and we’re trying to prevent malicious users from DDOSing machines with a low ping interval i’m going to looooose my god damn mind.
I can understand your frustration. I'm not sure as to why but I suspect the same.
Could you please review my branch I've created? It works(tm) on my machine.
Hey @ehaupt, thanks for the branch! Sorry about the late reply, I was travelling for work and had limited time. Your branch looks great - would you be able to make a PR so you are attributed + the tests are run? If not I can cherry pick and do it myself.
Hey no worries @orf there is no rush. I'll work out a PR. I think we should probably discriminate between Linux and *BSD.
I've also sent a message to freebsd-hackers to see what's up with the restriction 🤞
Hey no worries @orf there is no rush. I'll work out a PR. I think we should probably discriminate between Linux and *BSD.
I'm happy to rework the PR to handle this - we also need to ensure it works on Windows as well. I had a brief look at the users crate and it seems like it would need to be gated by a cfg macro as it uses libc directly. Also happy to do this if you don't have the capacity 👍
I would be more than happy if you could integrate my rather unrefined prototype. I have also linked another PR (OpenBSD) to this issue. It seems that addressing this directly at the source would definitely benefit users.