From owner-freebsd-stable@freebsd.org Tue Aug 18 18:50:43 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DEF7A9BDDD8 for ; Tue, 18 Aug 2015 18:50:43 +0000 (UTC) (envelope-from tom@samplonius.org) Received: from mail-pa0-f43.google.com (mail-pa0-f43.google.com [209.85.220.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B951A1B1D for ; Tue, 18 Aug 2015 18:50:43 +0000 (UTC) (envelope-from tom@samplonius.org) Received: by pabyb7 with SMTP id yb7so138491998pab.0 for ; Tue, 18 Aug 2015 11:50:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=D1HmliL4RG+zTX2nXVlnoFBs67CQeNNUj2RvXiOJaIU=; b=gl9soKXq0dGgfYTdbYT2IN7LWDbDJFDDW+TJl8mg58u8bpHQjBU6IyDn7X0WsAmKhH VikBB+RSLj1bwoSJtnBnD9IuHrkxNarryOkfVaWvZLKa10f3WrBz+dGOdCmCg/iD+sDD lTXSQdjTv8GI9tm524jhzG9VN75/UULxrM645K1RTY/KGryi4iNNHFOZfRz345GFiuQW DyHn8NMm30TphyIU5orCkfemHT7jYLlWMR3A9NRSgDHRLRx3lnCA6Ksc+GGyrAzum3Fr kL1UMhqmSk/K6dQ6bBu6ZnCswqG1RDdjzpsSvovxUZ139pcIXJwqv88Y1vKF7RriSXxc 7vvw== X-Gm-Message-State: ALoCoQn1efOMBcgPf0nXahkUj7R/00yMGhvtk97wfhXOCzp5dc9XE0/RE7elKcUvv1fCYI5E4mV1 X-Received: by 10.68.135.66 with SMTP id pq2mr16195527pbb.29.1439923837198; Tue, 18 Aug 2015 11:50:37 -0700 (PDT) Received: from [192.168.10.51] (vpn.unet.ca. [97.107.176.59]) by smtp.gmail.com with ESMTPSA id qn6sm18885986pbc.22.2015.08.18.11.50.36 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 18 Aug 2015 11:50:36 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) Subject: Re: ping from web application From: Tom Samplonius In-Reply-To: <444mjwisy1.fsf@lowell-desk.lan> Date: Tue, 18 Aug 2015 11:50:34 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <4FD40952-8DE5-4800-9BC3-C099E09C36AE@samplonius.org> References: <20150818150924.5e9bef04@efreet> <444mjwisy1.fsf@lowell-desk.lan> To: FreeBSD Stable X-Mailer: Apple Mail (2.2104) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Aug 2015 18:50:44 -0000 > On Aug 18, 2015, at 7:15 AM, Lowell Gilbert = wrote: >=20 > Marko Cupa=C4=87 writes: >=20 >> I use web applicaton (net-mgmt/phpipam) which should have the ability >> to check hosts' availability via ping. I can even specify path to = ping >> executable. >>=20 >> This functionality does not work on FreeBSD by default, and suggested >> workaround is to set setuid bit on /sbin/ping. >>=20 >> I don't like to modify permissions of base files. Is there an >> alternative solution? e.g. a port? >=20 > In what way does ping(8) not work? A look at its error output should > tell you what the problem is. >=20 > Additionally, the standard permissions on /sbin/ping *are* suid root. > It certainly won't work if you've changed that, so just change it = back. >=20 > And yes, there are other ping programs present, including some with > pretty graphical web page UIs. But there's no reason that PHP should > have trouble calling /sbin/ping. It is a pretty standard issue: only apps running as root can send = ICMP directly, as ping does. PHP runs in Apache, and to prevent = security issues with privilege escalation setuid programs are forced to = run as an unprivileged user. I would check to see how =E2=80=9Cfping=E2=80=9D in Nagios solved this = issue. Tom