Do not use RAW socket on Unix to allow unprivileged user usage #4

Closed
marysaka commented May 23, 2022

On Unix platforms, SOCK_RAW usage is reserved to privileged users.

Fix "Operation not permitted" error on Linux and macOS.

aisk (Owner) commented May 30, 2022

Seems the tests failed on macOS without sudo with this message:

thread 'basic' panicked at 'called `Result::unwrap()` on an `Err` value: IoError { error: Os { code: 35, kind: WouldBlock, message: "Resource temporarily unavailable" } }', tests/tests.rs:12:83

marysaka (Author) commented

> Seems the tests failed on macOS without sudo with this message:
>
> thread 'basic' panicked at 'called `Result::unwrap()` on an `Err` value: IoError { error: Os { code: 35, kind: WouldBlock, message: "Resource temporarily unavailable" } }', tests/tests.rs:12:83

That's odd, I cannot reproduce on my M1 🤔

avborup commented Jun 14, 2022

> > Seems the tests failed on macOS without sudo with this message:
> >
> > thread 'basic' panicked at 'called `Result::unwrap()` on an `Err` value: IoError { error: Os { code: 35, kind: WouldBlock, message: "Resource temporarily unavailable" } }', tests/tests.rs:12:83
>
> That's odd, I cannot reproduce on my M1 🤔

I can't reproduce the failure either on my M1 MacBook Pro. However, the tests fail on master with permission denied.

Test output on this PR
$ git branch --show-current
fix-unprivileges-unix

$ cargo test
    Finished test [unoptimized + debuginfo] target(s) in 0.03s
     Running unittests (target/debug/deps/ping-4694b3d763dc3029)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running tests/tests.rs (target/debug/deps/tests-cbf954419b14fb70)

running 1 test
test basic ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

   Doc-tests ping

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

Test output on master
$ git branch --show-current
master

$ cargo test
    Finished test [unoptimized + debuginfo] target(s) in 0.03s
     Running unittests (target/debug/deps/ping-4694b3d763dc3029)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running tests/tests.rs (target/debug/deps/tests-cbf954419b14fb70)

running 1 test
test basic ... FAILED

failures:

---- basic stdout ----
thread 'basic' panicked at 'called `Result::unwrap()` on an `Err` value: IoError { error: Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" } }', tests/tests.rs:12:83
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace


failures:
    basic

test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

error: test failed, to rerun pass '--test tests'

OS info
$ sw_vers
ProductName:	macOS
ProductVersion:	12.3.1
BuildVersion:	21E258

$ uname -a
Darwin MacBook-Pro.local 21.4.0 Darwin Kernel Version 21.4.0: Fri Mar 18 00:46:32 PDT 2022; root:xnu-8020.101.4~15/RELEASE_ARM64_T6000 arm6

aisk (Owner) commented Jun 15, 2022

I'm using an Intel MacBook with Big Sur:

ProductName:    macOS
ProductVersion: 11.6
BuildVersion:   20G165

So this is an OS-specific issue? But the tests won't pass on Linux either (Arch OS with the latest kernel version, which I have forgotten...)

yinheli commented Oct 3, 2022

MacOS m1
IoError { error: Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" } }

harshasrisri commented

Hey @aisk, may I request additionally to merge this? I see the same error as @yinheli on MacOS M1.

aisk (Owner) commented Mar 20, 2023

I have tested this MR on my Linux (Arch) box, and it does not work. According to https://stackoverflow.com/a/20105379, the unprivileged ICMP packet does not work out of the box on Linux.

I think we should add an option or a new function to use the unprivileged ping.
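
Added example, not part of the thread or of the project's code: on Linux, unprivileged datagram ICMP sockets are gated by the `net.ipv4.ping_group_range` sysctl, whose kernel default `1 0` admits no group. This std-only Rust check (function names are illustrative; it assumes the standard procfs paths) reports whether the current process's effective or supplementary groups fall inside that range.

```rust
use std::fs;

// Parse the "low high" text of net.ipv4.ping_group_range (inclusive GID range).
fn parse_ping_group_range(text: &str) -> Option<(u32, u32)> {
    let mut it = text.split_whitespace().map(|f| f.parse::<u32>());
    match (it.next()?, it.next()?, it.next()) {
        (Ok(low), Ok(high), None) => Some((low, high)),
        _ => None,
    }
}

// Collect the effective GID and supplementary groups from /proc/<pid>/status text.
fn gids_from_status(status: &str) -> Vec<u32> {
    let mut gids = Vec::new();
    for line in status.lines() {
        if let Some(rest) = line.strip_prefix("Gid:") {
            // Fields are real, effective, saved, filesystem: keep the effective one.
            gids.extend(rest.split_whitespace().nth(1).and_then(|g| g.parse::<u32>().ok()));
        } else if let Some(rest) = line.strip_prefix("Groups:") {
            gids.extend(rest.split_whitespace().filter_map(|g| g.parse::<u32>().ok()));
        }
    }
    gids
}

// True when any GID lies inside the range. The kernel default "1 0" is an
// empty range, so nobody may open a datagram ICMP socket until it is widened.
fn unprivileged_ping_allowed(range: (u32, u32), gids: &[u32]) -> bool {
    gids.iter().any(|g| range.0 <= *g && *g <= range.1)
}

fn main() {
    // Paths are the standard Linux procfs locations; they are absent on macOS.
    let range = fs::read_to_string("/proc/sys/net/ipv4/ping_group_range")
        .ok()
        .and_then(|t| parse_ping_group_range(&t));
    let gids = fs::read_to_string("/proc/self/status")
        .map(|s| gids_from_status(&s))
        .unwrap_or_default();
    match range {
        Some(r) if unprivileged_ping_allowed(r, &gids) => {
            println!("range {:?} covers gids {:?}: unprivileged ping allowed", r, gids)
        }
        Some(r) => println!("range {:?} excludes gids {:?}: ping socket refused", r, gids),
        None => println!("ping_group_range not readable (not Linux?)"),
    }
}
```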

harshasrisri commented

I see. I tried this change on macOS and it worked. I'll try testing it on Linux if I can get my hands on one.

aisk mentioned this pull request Mar 23, 2023

aisk (Owner) commented Sep 8, 2023

I have a new idea: we should keep both the privileged / unprivileged implementations for specific usage, and a basic ping function as an alias to the new privileged_ping for backward compatibility. In future releases, we can use the most suitable one for the target platform.

Is this implemented in #11, does anyone have suggestions?

marysaka (Author) commented

> I have a new idea: we should keep both the privileged / unprivileged implementations for specific usage, and a basic ping function as an alias to the new privileged_ping for backward compatibility. In future releases, we can use the most suitable one for the target platform.
>
> Is this implemented in #11, does anyone have suggestions?

I think that's a great idea, will close this 👍

marysaka closed this Oct 20, 2023

williamdes commented

I guess this is why I have to set PrivateUsers=false on systemd
Reporting this back to https://github.com/valeriansaliou/vigil/issues
