Python non-privileged ICMP?

The ping program is installed setuid root. This allows any user to use the program, and still be able to open a raw socket After it opens the raw socket, it typically drops root privs You generally need a raw socket to do ICMP correctly, and raw sockets are usually restricted. So it's not really python's fault at all Regarding the bit about ICMP above, apparently many implementations don't really support those combinations of flags well.So it is likely that most implmentations just use the way they "know" works on most / all architectures.

The ping program is installed setuid root. This allows any user to use the program, and still be able to open a raw socket. After it opens the raw socket, it typically drops root privs. You generally need a raw socket to do ICMP correctly, and raw sockets are usually restricted.So it's not really python's fault at all.

Regarding the bit about ICMP above, apparently many implementations don't really support those combinations of flags well. So it is likely that most implmentations just use the way they "know" works on most / all architectures.

Ah, that's one mystery less - since short intervals on ping still require sudo, I didn't think it had setuid root, but you're clearly right about that. – Markus Jul 29 '09 at 8:12.

It's owned by root and has that crucial s bit in the permission -- setuserid. So, no matter what user is running it, ping runs as root. If you're using a BSD Kernel with the new "non-privileged ICMP sockets" it would be interesting to see what's needed to use that functionality to ping from Python (but that won't help any user that's on a less advanced kernel, of course).

Perhaps I'll attempt to get that working from python when I have some time, mostly out of curiosity. – Markus Jul 29 '09 at 8:17 Not all that new as a spec (I believe it goes all the way back to good old glorious BSD 4.3! -), but a working implementation of that spec would be pretty new (and very good news indeed, IMHO).

– Alex Martelli Jul 29 '09 at 14:20.

I'm not sure if it is OK to post something in a question that seems it has already been answered a while ago. I have been searching for the same implementation and found a way to do ICMP via Python with non-root privileges. Python-ping uses the same 'need-root' way to do a ping, but came across a bug report where a user suggested changing SOCK_RAW to SOCK_DGRAM when calling sock : hg.io/delroth/python-ping/issue/1/icmp-w... The dev explains this will be a "WONT-FIX" situation because it is a UDP ping rather.

Since I really do not care if ICMP is going out via UDP, I went ahead and got the code and made the proposed changed. I am now able to do a ping without calling subprocess or needing root! Again, not sure if posting here after such a long time is OK, but thought this was a better thing!

I was also looking for an implementation of ping without using subprocess or needing root to ping. My solution needed to be cross-platform, namely Windows and Linux. Changing the socket on Windows to SOCK_DGRAM results in a "protocol not supported 100043" exception.So it looks like Windows correctly checks to see if icmp is being sent out on TCP rather than UDP.

However, windows does not care if it is running as "root" since that is a Linux concept. If os.Name == 'nt': #no root on windows my_socket = socket. Socket(socket.

AF_INET, socket. SOCK_RAW, icmp) else: #changed to UDP socket...gets around ROOT priv issue my_socket = socket. Socket(socket.

AF_INET, socket. SOCK_DGRAM, icmp).

Actually, on Windows 7 and Vista you do need to 'Run as Administrator' to do my_socket = socket. Socket(socket. AF_INET, socket.

SOCK_RAW, icmp) and as you say, doing it over a datagram socket causes an error.

The error I got while trying to use SOCK_RAW is socket. Error: Errno 10013 An attempt was made to access a socket in a way forbidden by its access permissions To get rid of this error I tried running command prompt as an administrator and that solved the problem. Now since I wanted to do NON PRIVILEGED ICMP in python, I changed SOCK_RAW to SOCK_DGRAM.

This came up with the following error: socket. Error: Errno 10043 The requested protocol has not been configured into the system, or no implementation for it exists Anyone found a way around this as yet? Ammar.

Please note, I am developing the program in a windows vista environment – Ammar Apr 7 at 8:29 turns out that ICMP packets aren't sent in UDP datagrams. That is why I was getting errno 10043. Don't know how the others got it to work.

– Ammar Apr 7 at 14:01.

I am running python under windows 7 , Since I am editing and "compiling" the code under Eclipse pydev plugin, My solution was : Running the eclipse. Exe as an administrator : this solved the problem, This solution is similar to running the cmd as an administrator.

1 Please don't suggest people run arbitrary programs as Administrator. That's how UAC got a bad rap in the first place. Your answer also doesn't help for a program deployed into production.

– AdmiralNemo Sep 15 at 2:34.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.

Python non-privileged ICMP?

Related Questions

What is Icmp?

ICMP in C#, SocketException - Forbidden by access permissions?

ICMP Host-Unreachable?

How to get ICMP port unreachable packet on UDP socket on Windows?

ICMP - TTL - Traceroute?

Problem with asyn icmp ping?