Subject: | Solaris 10 and icmp - using privilege sets |
Solaris 10 does not require root access to be able to use icmp.
A privilege net_icmpaccess can be assigned to any non privileged id to
access icmp and ping ...
When running the module with that privilege, the following hardcoded
error is generated:
Net/Ping.pm: croak("icmp ping requires root privilege") if ($> and
$^O ne 'VMS' and $^O ne 'cygwin');
apsz9021:/home/unixscan #/opt/UNXSC/perl/perl-
5.10.0/bin/perl /tmp/test.pl
icmp ping requires root privilege at /tmp/test.pl line 4
apsz9021:/home/unixscan #cat /tmp/test.pl
#!/opt/UNXSC/bin/perl
use Net::Ping;
$p = Net::Ping->new("icmp");
if ($p->ping("www.google.com",5)) {
print "google pings\n";
}
apsz9021:/home/unixscan #ppriv $$
22181: -bash
flags = <none>
E: basic,net_icmpaccess,net_privaddr,net_rawaccess
I: basic,net_icmpaccess,net_privaddr,net_rawaccess
P: basic,net_icmpaccess,net_privaddr,net_rawaccess
L:
basic,contract_event,contract_observer,file_chown,file_chown_self,file_d
ac_execute,file_dac_read,file_dac_search,file_dac_write,file_owner,file_
setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,ne
t_mac_aware,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_lock_
memory,proc_owner,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sy
s_mount,sys_nfs,sys_resource