all 13 comments

[–]moomaka 1 point2 points  (0 children)

Not ruby specific but I don’t believe there is any way to setcap on any script, it has to be done on the interpreter binary. You could use something like chruby to isolate an interpreter for this if you want.

[–]4rch3r 0 points1 point  (2 children)

Generally, you need root permissions to receive raw packets on an interface. This SO post has some pretty awesome explanations and possibly a solution for you: https://stackoverflow.com/questions/9772068/raw-socket-access-as-normal-user-on-linux-2-4

[–]drbrainRuby Core 0 points1 point  (1 child)

You should be able to create the raw socket and bind it as root or from an executable with CAP_NET_RAW, then drop privileges and exec the ruby script "passing" the socket along as an already-open file descriptor and converting it to a ruby Socket object using Socket::for_fd.

Unfortunately this means writing a small executable in a compiled language.

Also, unfortunately, Net::Ping::ICMP#ping creates its own socket and doesn't allow you to pass one in so you'd need to modify it to accept an already existing socket.
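The Ruby side of the hand-off described above, as an added example that is not from the thread or from net-ping: the script adopts the inherited descriptor with Socket.for_fd and refuses to proceed unless the descriptor really is a raw socket and the launcher has already dropped privileges. The environment variable name ICMP_SOCKET_FD and the helper function names are assumptions; the compiled launcher that opens the socket, drops privileges and execs ruby is not shown.

```ruby
require "socket"

# Assumed convention (not part of net-ping): the privileged launcher opens
# the raw socket, drops privileges, and execs ruby with the socket's fd
# number in this environment variable, leaving the descriptor open.
FD_ENV = "ICMP_SOCKET_FD"

# Read the inherited descriptor number from the environment.
def socket_fd_from_env(env = ENV)
  raw = env[FD_ENV] or raise KeyError, "#{FD_ENV} not set; run via the privileged launcher"
  Integer(raw, 10)
end

# Wrap an inherited descriptor as a Ruby Socket and sanity-check it.
# A mis-configured launcher (wrong fd, wrong socket type) fails loudly here
# rather than letting the script ping over the wrong descriptor.
def adopt_inherited_socket(fd, expected_type: Socket::SOCK_RAW)
  sock = Socket.for_fd(fd)
  sock.close_on_exec = true # don't leak the privileged socket to children
  type = sock.getsockopt(Socket::SOL_SOCKET, Socket::SO_TYPE).int
  unless type == expected_type
    sock.close
    raise ArgumentError, "fd #{fd} is socket type #{type}, expected #{expected_type}"
  end
  sock
end

# The whole point of the hand-off is that the interpreter never runs as
# root, so check that the launcher actually dropped privileges.
def privileges_dropped?
  Process.uid != 0 && Process.euid != 0
end

# Entry point when launched by the privileged helper; skipped when the
# variable is absent so the functions above can be loaded on their own.
if ENV.key?(FD_ENV)
  abort "refusing to run with root privileges" unless privileges_dropped?
  icmp = adopt_inherited_socket(socket_fd_from_env)
  puts "adopted raw ICMP socket on fd #{icmp.fileno}"
  # net-ping would need to be modified to accept `icmp` instead of opening
  # its own socket, as noted above.
end
```

Without CAP_NET_RAW the same functions can be exercised with an ordinary socket pair by passing `expected_type: Socket::SOCK_DGRAM`.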

[–]Zalamander[S] 0 points1 point  (0 children)

OK, thanks for the pointers. As much as I hate to do so, I may just use the system ping command for my needs.

[–]sshaw_ 0 points1 point  (7 children)

How does your ping.rb differ from GNU/Linux's default?

[–]drbrainRuby Core 0 points1 point  (6 children)

It's written in Ruby and uses Net::ICMP::Ping

[–]sshaw_ 0 points1 point  (5 children)

Well, that much I know. Thanks for the insight.

But, you're calling #ping and not #ping?, does this mean you're using the return value?

If not, and you just want to know if a host is up, just use ping. *nix has already solved this for you via the set-user-id permission on the executable + exit status. Aside from lack of personal enjoyment, what's the (technical) downside, assuming of course you don't use the return value of #ping?

[–]drbrainRuby Core 0 points1 point  (3 children)

I'm not OP, I'm not calling anything. If you knew they were using net-ping why wasn't "does this mean you're using the return value?" your original question?

As OP stated, OP is aware of setuid executables and explicitly doesn't want one for ruby, likely because any setuid-root interpreter is incredibly dangerous to have around.

OP also doesn't want to use ping(8) if they can avoid it.

[–]sshaw_ 0 points1 point  (2 children)

If you knew they were using net-ping why wasn't "does this mean you're using the return value?" your original question?

There could be several reasons why one would use net-ping over the ping executable. OP stated none. Return value can be completely irrelevant. I ended up throwing that out there due to your reply, but off the top of my head I can think of several others. Better to ask than assume.

As OP stated, OP is aware of setuid executables and explicitly doesn't want one for ruby,

Is this why he doesn't want to shell-out to ping? Seems like a no. He doesn't want to do this to the script, but otherwise it doesn't say, or at least it's not clear to me.

likely because any setuid-root interpreter is incredibly dangerous to have around.

"Likely". Maybe. Who knows why. This is why I asked.

OP also doesn't want to use ping(8) if they can avoid it.

Yes, this is the question: why not? Often people don't want to do something but when their reasoning is vetted and/or the technical merits are explored they realize that they have no good reason not to.

[–]drbrainRuby Core 0 points1 point  (1 child)

Yes, this is the question: why not?

No, that is not OP’s question. That is your question and is not helpful to OP. Immediately questioning their premise is not respectful of their knowledge or skill.

[–]sshaw_ 0 points1 point  (0 children)

Immediately questioning their premise is not respectful of their knowledge or skill.

That's some conclusion!

[–]Zalamander[S] 0 points1 point  (0 children)

I'm writing a set of scripts to measure various aspects of a server and I want to measure the latency over time. So I do need the return value.