Re: [PATCH v3] net: ipv4: add IPPROTO_ICMP socket kind

From: Andi Kleen
Date: Fri May 13 2011 - 17:31:31 EST

Next message: Felipe Balbi: "[RFC/PATCH 02/13] net: wl12xx: sdio: add a context structure"
Previous message: Margarita Olaya: "[PATCHv3 2/4] tps65912: irq: add interrupt controller"
In reply to: David Miller: "Re: [PATCH v3] net: ipv4: add IPPROTO_ICMP socket kind"
Next in thread: Eric Dumazet: "[PATCH net-next-2.6] net: ipv4: add ping_group_range documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vasiliy Kulikov <segoon@xxxxxxxxxxxx> writes:

> This patch adds IPPROTO_ICMP socket kind. It makes it possible to send
> ICMP_ECHO messages and receive the corresponding ICMP_ECHOREPLY messages
> without any special privileges. In other words, the patch makes it
> possible to implement setuid-less and CAP_NET_RAW-less /bin/ping. In
> order not to increase the kernel's attack surface, the new functionality
> is disabled by default, but is enabled at bootup by supporting Linux
> distributions, optionally with restriction to a group or a group range
> (see below).

You'll need to do a manpage patch too. Otherwise noone will know how to use
it.

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Felipe Balbi: "[RFC/PATCH 02/13] net: wl12xx: sdio: add a context structure"
Previous message: Margarita Olaya: "[PATCHv3 2/4] tps65912: irq: add interrupt controller"
In reply to: David Miller: "Re: [PATCH v3] net: ipv4: add IPPROTO_ICMP socket kind"
Next in thread: Eric Dumazet: "[PATCH net-next-2.6] net: ipv4: add ping_group_range documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]