[SOLVED] setuid is automatically removed from ping exe after copying

vincix · 05-25-2020, 12:24 PM

Any ideas why the setuid would be automatically removed when I copy ping to /root, for instance?
Is this documented anywhere? Is it standard or maybe distro-related?

Code:

root@testy:~# ls -l /bin/ping
-rwsr-xr-x 1 root root 64424 Jun 28  2019 /bin/ping
root@testy:~# cp /bin/ping /root
root@testy:~# ls -l /root/ping
-rwxr-xr-x 1 root root 64424 May 25 17:23 /root/ping

This is Ubuntu 18.04, which, weirdly enough, still uses setuid instead of capabilities for ping.

ehartman · 05-25-2020, 01:11 PM

Quote:

Originally Posted by vincix

Is this documented anywhere? Is it standard or maybe distro-related?

It is cp related: look at the -p option
Normally cp doesn't preserve either mode, ownership nor timestamps

PS: in my system 'ping' doesn't have have READ access either for others than root, so it's -rws--x--x

vincix · 05-25-2020, 01:26 PM

What are you using? Slackware?
I see this is how it is in Centos 7. But Centos 7 uses capabilities, instead of setuid. And I guess the read permissions are useless, nonetheless.

Code:

[root@domain ~]# ls -l /bin/ping
-rwxr-xr-x 1 root root 66176 Aug  4  2017 /bin/ping
[root@domain ~]# getcap /bin/ping
/bin/ping = cap_net_admin,cap_net_raw+p

But yeah, good point about cp, didn't think of that in this context, although I've come across the problem when I really needed to preserve permissions