Use ping in sandbox


#1

Hey,

I am trying to send a ping in the an application by using the following code:

int status = system(“ping -c 3 192.168.2.3”);

status should be 0 if the ping is successful, and something else, if it is not successful. This works when I don’t run my application in a sandbox, but it is not working, when I am running it in a sandbox. Has anybody an idea how this could be solved?

Thanks!


#2

I tried to add a section to the .adef file to have access to the ping-tool of linux:

requires:
{
file:
{
/bin/ping /bin/ping
}
}

And called the ping tool with system("/bin/ping -c 3 192.168.2.3"); instead. But still the same… :frowning:


#3

Found the solution:
/bin/sh has to be added to the sandbox section too. So it looks like this:

requires:
{
    file:
    {
    	/bin/sh  /bin/sh 
    	/bin/ping  /bin/ping
    }
}

Have a nice day! :slight_smile:


#4

You need /bin/sh if you want to use system() as system() calls /bin/sh first. This is a common source of security vulnerabilities if a end-user can influence the string passed to system() in any way.

Another way which doesn’t use /bin/sh would be to fork()/exec(), in which case you can call ping directly.


#5

Thanks, I will give it a try!