Skip to content

Interesting: icmp without priviledges or capabilities #105

Open
Open
Interesting: icmp without priviledges or capabilities#105
@dreua

Description

@dreua
dreua
opened on May 4, 2023

It should be possible to send and receive icmp pings without priviledges or capabilities:

Unfortunately it's not as simple as:

        if( psaddr.sin6_family == AF_INET )
        {
-               return socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
+               return socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP);
        }
        else if( psaddr.sin6_family == AF_INET6 )
        {
-               return socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+               return socket(PF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
        }

This compiles and runs but it shows all pings as lost. Might be easy to fix, I've just spent two minutes to make this quick test.

The usage of this kernel feature might be restricted, but I expect it to be allowed on all modern unix systems. (I may be wrong, but has probably been introduced to allow containers (docker etc.) to use ping without any priviledges. As using containers is pretty standard nowadays it is reasonable to assume that it should be allowed on all modern Linux distributions.)

# Fedora Linux 38
$ sysctl net.ipv4.ping_group_range 
net.ipv4.ping_group_range = 0	2147483647

# Lineage OS on Pixel 3a
sargo:/ $ sysctl net.ipv4.ping_group_range                                                                          
net.ipv4.ping_group_range = 0	2147483647

TODO

  • Check for rate limiting
  • Check with IPv6 (i.e. why is the kernel setting ipv4 only?)
  • Check on unrooted stock Android

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions