Open naoliv opened 2 years ago
BillyCroan
commented
1 year ago Agreed. Suggesting:
Permission (to do what) denied (by whom/what):
(why)I'd also like a command line flag I can use to 'not attempt to use elevated permissions' (Do the best you can without root).
rewolff
commented
1 year ago Unix was designed in the 1970ies. One of the good things is that system calls return an error code when things go wrong and that there are standard routines that print the human readable error message that belongs to the code. Linux is built to resemble Unix and works the same way.
This means that you don't get the crazyness that e.g. dos had. When you try to remove a directory and it didn't work, you got "directory doesn't exist or ... " (one or two other reasons that the maker of the rmdir program thought would cause that error). But when you were on a network drive, and you didn't have permission to remove that directory the error message would suggest 2 or 3 possible causes but none of them would be correct.
So, when say "rm" tries to remove a file and that fails it will simply call perror (filename) and the error will be something like/etc/passwd: permission denied..
Now... when the error is "mtr: permission denied", either mtr is not explaining what it was doing when something went wrong with the "permission denied" error code, OR the shell is trying to execute the mtr program and got an error during that call.
So... If you do " strace mtr -r example.com ", what do you get? Possibly you need to install strace. "sudo apt install strace" or whatever your flavor of OS requires.
naoliv
commented
1 year ago # strace mtr -r example.com
execve("/usr/bin/mtr", ["mtr", "-r", "example.com"], 0x7ffcf62cba70 /* 25 vars */) = 0
brk(NULL) = 0x55b8725d2000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7e526b000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (Arquivo ou diretório inexistente)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=88634, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 88634, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc7e5255000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=64344, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 76328, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e5242000
mmap(0x7fc7e5245000, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fc7e5245000
mmap(0x7fc7e524e000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7fc7e524e000
mmap(0x7fc7e5251000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7fc7e5251000
mmap(0x7fc7e5253000, 6696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc7e5253000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libjansson.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=59784, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 61792, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e5232000
mmap(0x7fc7e5234000, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fc7e5234000
mmap(0x7fc7e523d000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7fc7e523d000
mmap(0x7fc7e5240000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fc7e5240000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libncurses.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=165808, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 168328, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e5208000
mprotect(0x7fc7e5210000, 131072, PROT_NONE) = 0
mmap(0x7fc7e5210000, 102400, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7fc7e5210000
mmap(0x7fc7e5229000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7fc7e5229000
mmap(0x7fc7e5230000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x27000) = 0x7fc7e5230000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=199992, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 203072, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e51d6000
mmap(0x7fc7e51e4000, 69632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7fc7e51e4000
mmap(0x7fc7e51f5000, 57344, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7fc7e51f5000
mmap(0x7fc7e5203000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2c000) = 0x7fc7e5203000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=907696, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 909552, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e50f7000
mmap(0x7fc7e5105000, 466944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7fc7e5105000
mmap(0x7fc7e5177000, 380928, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x80000) = 0x7fc7e5177000
mmap(0x7fc7e51d4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xdc000) = 0x7fc7e51d4000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\223\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\200\0\300\4\0\0\0\1\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0'\303\373\250H\333\23\266*\233\312\367C\226\20\312"..., 68, 880) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=2061320, ...}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 2109328, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e4e00000
mmap(0x7fc7e4e28000, 1507328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7fc7e4e28000
mmap(0x7fc7e4f98000, 360448, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x198000) = 0x7fc7e4f98000
mmap(0x7fc7e4ff0000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f0000) = 0x7fc7e4ff0000
mmap(0x7fc7e4ff6000, 53136, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc7e4ff6000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7e50f5000
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=14408, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 16400, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc7e50f0000
mmap(0x7fc7e50f1000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7fc7e50f1000
mmap(0x7fc7e50f2000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fc7e50f2000
mmap(0x7fc7e50f3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fc7e50f3000
close(3) = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7e50ed000
arch_prctl(ARCH_SET_FS, 0x7fc7e50ed740) = 0
set_tid_address(0x7fc7e50eda10) = 1515152
set_robust_list(0x7fc7e50eda20, 24) = 0
rseq(0x7fc7e50ee0e0, 0x20, 0, 0x53053053) = 0
mprotect(0x7fc7e4ff0000, 16384, PROT_READ) = 0
mprotect(0x7fc7e50f3000, 4096, PROT_READ) = 0
mprotect(0x7fc7e51d4000, 4096, PROT_READ) = 0
mprotect(0x7fc7e5203000, 16384, PROT_READ) = 0
mprotect(0x7fc7e5230000, 4096, PROT_READ) = 0
mprotect(0x7fc7e5240000, 4096, PROT_READ) = 0
mprotect(0x7fc7e5251000, 4096, PROT_READ) = 0
mprotect(0x55b8722c3000, 4096, PROT_READ) = 0
mprotect(0x7fc7e52a0000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fc7e5255000, 88634) = 0
geteuid() = 0
getuid() = 0
getegid() = 0
getgid() = 0
getpid() = 1515152
getuid() = 0
getrandom("\xbc\xe1\xc7\x3f\xd2\x17\x90\xb1", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55b8725d2000
brk(0x55b8725f3000) = 0x55b8725f3000
uname({sysname="Linux", nodename="spades", ...}) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (Arquivo ou diretório inexistente)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (Arquivo ou diretório inexistente)
close(3) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=494, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=494, ...}, AT_EMPTY_PATH) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 494
read(3, "", 4096) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=494, ...}, AT_EMPTY_PATH) = 0
close(3) = 0
newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=920, ...}, 0) = 0
openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=9, ...}, AT_EMPTY_PATH) = 0
read(3, "multi on\n", 4096) = 9
read(3, "", 4096) = 0
close(3) = 0
futex(0x7fc7e4ffd46c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=920, ...}, AT_EMPTY_PATH) = 0
read(3, "# This is /run/systemd/resolve/s"..., 4096) = 920
read(3, "", 4096) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=920, ...}, AT_EMPTY_PATH) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=195, ...}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "127.0.0.1\tlocalhost\tnotebook\n127"..., 4096) = 195
read(3, "", 4096) = 0
close(3) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="1\314\1 \0\1\0\0\0\0\0\1\7example\3com\0\0\1\0\1\0\0)"..., iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=40}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="6\300\1 \0\1\0\0\0\0\0\1\7example\3com\0\0\34\0\1\0\0)"..., iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=40}], 2, MSG_NOSIGNAL) = 2
poll([{fd=3, events=POLLIN}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [56]) = 0
recvfrom(3, "1\314\201\240\0\1\0\1\0\0\0\1\7example\3com\0\0\1\0\1\300\f\0"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, [28->16]) = 56
poll([{fd=3, events=POLLIN}], 1, 4925) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [68]) = 0
recvfrom(3, "6\300\201\240\0\1\0\1\0\0\0\1\7example\3com\0\0\34\0\1\300\f\0"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, [28->16]) = 68
close(3) = 0
openat(AT_FDCWD, "/etc/gai.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2583, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2583, ...}, AT_EMPTY_PATH) = 0
read(3, "# Configuration for getaddrinfo("..., 4096) = 2583
read(3, "", 4096) = 0
close(3) = 0
futex(0x7fc7e4ffc324, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3
bind(3, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, nl_pid=1515152, nl_groups=00000000}, [12]) = 0
sendto(3, {{len=20, type=RTM_GETADDR, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1665070823, pid=0}, {ifa_family=AF_UNSPEC, ...}}, 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[{{len=76, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1665070823, pid=1515152}, {ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")}, [{{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")}, {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")}, {{nla_len=7, nla_type=IFA_LABEL}, "lo"}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=300, tstamp=300}}]}, {{len=96, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1665070823, pid=1515152}, {ifa_family=AF_INET, ifa_prefixlen=24, ifa_flags=0, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("enp6s0")}, [{{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("192.168.1.102")}, {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("192.168.1.102")}, {{nla_len=8, nla_type=IFA_BROADCAST}, inet_addr("192.168.1.255")}, {{nla_len=11, nla_type=IFA_LABEL}, "enp6s0"}, {{nla_len=8, nla_type=IFA_FLAGS}, 0}, {{nla_len=8, nla_type=IFA_RT_PRIORITY}, 1024}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294818790, ifa_valid=4294818790, cstamp=241909849, tstamp=241909849}}]}], iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 172
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[{{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1665070823, pid=1515152}, {ifa_family=AF_INET6, ifa_prefixlen=128, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")}, [{{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "::1")}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=300, tstamp=300}}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]}, {{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1665070823, pid=1515152}, {ifa_family=AF_INET6, ifa_prefixlen=64, ifa_flags=0, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("enp6s0")}, [{{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2804:c30:c2ac:cb00:868f:69ff:feb9:5305")}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=604507, ifa_valid=2591707, cstamp=241910011, tstamp=256731038}}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_MANAGETEMPADDR|IFA_F_NOPREFIXROUTE}]}, {{len=80, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1665070823, pid=1515152}, {ifa_family=AF_INET6, ifa_prefixlen=64, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_LINK, ifa_index=if_nametoindex("enp6s0")}, [{{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "fe80::868f:69ff:feb9:5305")}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=708, tstamp=708}}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}, {{nla_len=5, nla_type=0xb /* IFA_??? */}, "\x03"}]}], iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 224
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=20, type=NLMSG_DONE, flags=NLM_F_MULTI, seq=1665070823, pid=1515152}, 0}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("93.184.216.34")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(55552), sin_addr=inet_addr("192.168.1.102")}, [28->16]) = 0
close(3) = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2606:2800:220:1:248:1893:25c8:1946", &sin6_addr), sin6_scope_id=0}, 28) = 0
getsockname(3, {sa_family=AF_INET6, sin6_port=htons(52931), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2804:c30:c2ac:cb00:868f:69ff:feb9:5305", &sin6_addr), sin6_scope_id=0}, [28]) = 0
close(3) = 0
pipe2([3, 4], 0) = 0
pipe2([5, 6], 0) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fc7e50eda10) = 1515155
close(6) = 0
close(3) = 0
write(4, "1 check-support feature send-pro"..., 35) = 35
read(5, "1 feature-support support ok\n", 4095) = 29
write(4, "1 check-support feature ip-4\n", 29) = 29
read(5, "1 feature-support support ok\n", 4095) = 29
write(4, "1 check-support feature icmp\n", 29) = 29
read(5, "1 feature-support support ok\n", 4095) = 29
fcntl(5, F_GETFL) = 0 (flags O_RDONLY)
fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(1), sin_addr=inet_addr("93.184.216.34")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(47729), sin_addr=inet_addr("192.168.1.102")}, [16]) = 0
close(3) = 0
getpid() = 1515152
newfstatat(1, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x6), ...}, AT_EMPTY_PATH) = 0
pipe2([3, 6], 0) = 0
pipe2([7, 8], 0) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fc7e50eda10) = 1515157
close(3) = 0
close(8) = 0
fcntl(7, F_GETFL) = 0 (flags O_RDONLY)
fcntl(7, F_GETFL) = 0 (flags O_RDONLY)
fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1444, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1444, ...}, AT_EMPTY_PATH) = 0
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1444
lseek(3, -910, SEEK_CUR) = 534
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 910
close(3) = 0
newfstatat(1, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x6), ...}, AT_EMPTY_PATH) = 0
write(1, "Start: 2022-10-06T12:40:23-0300\n", 32Start: 2022-10-06T12:40:23-0300
) = 32
pselect6(8, [5 7], NULL, NULL, {tv_sec=0, tv_nsec=0}, NULL) = 0 (Timeout)
pselect6(8, [5 7], NULL, NULL, {tv_sec=0, tv_nsec=99969000}, NULL) = 0 (Timeout)
write(4, "33000 send-probe ip-4 93.184.216"..., 120) = 120
pselect6(8, [5 7], NULL, NULL, {tv_sec=0, tv_nsec=100000000}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=99940250})
read(5, "33000 permission-denied\n", 4095) = 24
write(1, "HOST: spades "..., 77HOST: spades Loss% Snt Last Avg Best Wrst StDev
) = 77
write(2, "mtr: ", 5mtr: ) = 5
write(2, "Permission denied", 17Permission denied) = 17
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++I'm going to go with "mtr is not explaining what it was doing"
What's particularly odd to me is that when the network is working normally and I run mtr, it doesn't throw that error. It only errors when the remote host isn't responding to ping (when there is a problem) which is the only time I actually need mtr right?
I assume there is some sort of fallback behavior if mtr doesn't get a response. And that fallback requires greater privilege than it normally needs. Then again it's falling back just about instantly and I would expect at least a second of patience waiting on a ping to come back.
(I'm working on a script for my laptop that automatically pulls up mtr when there's a connectivity problem, so I have a better idea, quicker, where that problem lay)
To reproduce the error I insert an iptables rule to drop outbound packets to 1.1.1.1, then run mtr:
[bcroan@localhost ~]$ strace mtr 1.1.1.1
execve("/usr/sbin/mtr", ["mtr", "1.1.1.1"], 0x7fff8aefdb58 /* 77 vars */) = 0
brk(NULL) = 0x55b5b3099000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffd2134d570) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=176607, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 176607, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1d42f37000
close(3) = 0
openat(AT_FDCWD, "/lib64/libjansson.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\1\n\366\227:\252\321\356\256\232P\v\272\27078"..., 176, 744) = 176
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=62160, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d42f35000
mmap(NULL, 61520, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d42f25000
mmap(0x7f1d42f27000, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f1d42f27000
mmap(0x7f1d42f30000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f1d42f30000
mmap(0x7f1d42f33000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f1d42f33000
close(3) = 0
openat(AT_FDCWD, "/lib64/libncurses.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\247r\372 %\31g\362)A\2448\236\247\205m"..., 180, 744) = 180
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=184368, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 180640, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d42ef8000
mprotect(0x7f1d42f00000, 143360, PROT_NONE) = 0
mmap(0x7f1d42f00000, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7f1d42f00000
mmap(0x7f1d42f1c000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f1d42f1c000
mmap(0x7f1d42f23000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2a000) = 0x7f1d42f23000
close(3) = 0
openat(AT_FDCWD, "/lib64/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\225M\22\367\330!o\336\202\35\261\"\244v\216\342"..., 180, 744) = 180
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=191680, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 190832, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d42ec9000
mmap(0x7f1d42ed7000, 57344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7f1d42ed7000
mmap(0x7f1d42ee5000, 57344, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f1d42ee5000
mmap(0x7f1d42ef3000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x7f1d42ef3000
close(3) = 0
openat(AT_FDCWD, "/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=919824, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 905480, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d42deb000
mmap(0x7f1d42df9000, 466944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7f1d42df9000
mmap(0x7f1d42e6b000, 376832, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x80000) = 0x7f1d42e6b000
mmap(0x7f1d42ec7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xdb000) = 0x7f1d42ec7000
close(3) = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\227\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0@\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0"..., 80, 848) = 80
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\234Xc9j\21\252\265*\350\221\212\340\0326,"..., 68, 928) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=2375336, ...}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 2104720, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d42be9000
mmap(0x7f1d42c11000, 1523712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f1d42c11000
mmap(0x7f1d42d85000, 360448, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19c000) = 0x7f1d42d85000
mmap(0x7f1d42ddd000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f3000) = 0x7f1d42ddd000
mmap(0x7f1d42de3000, 32144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d42de3000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d42be7000
arch_prctl(ARCH_SET_FS, 0x7f1d42be8000) = 0
set_tid_address(0x7f1d42be82d0) = 1984093
set_robust_list(0x7f1d42be82e0, 24) = 0
rseq(0x7f1d42be89a0, 0x20, 0, 0x53053053) = 0
mprotect(0x7f1d42ddd000, 16384, PROT_READ) = 0
mprotect(0x7f1d42ec7000, 4096, PROT_READ) = 0
mprotect(0x7f1d42ef3000, 16384, PROT_READ) = 0
mprotect(0x7f1d42f23000, 4096, PROT_READ) = 0
mprotect(0x7f1d42f33000, 4096, PROT_READ) = 0
mprotect(0x55b5b1b36000, 4096, PROT_READ) = 0
mprotect(0x7f1d42f98000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f1d42f37000, 176607) = 0
geteuid() = 1000
getuid() = 1000
getegid() = 1000
getgid() = 1000
getpid() = 1984093
getuid() = 1000
getrandom("\xe3\x13\x38\xaf\xfe\x17\xb0\xdc", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55b5b3099000
brk(0x55b5b30ba000) = 0x55b5b30ba000
uname({sysname="Linux", nodename="localhost.localdomain", ...}) = 0
pipe2([3, 4], 0) = 0
pipe2([5, 6], 0) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1d42be82d0) = 1984094
close(6) = 0
close(3) = 0
write(4, "1 check-support feature send-pro"..., 35) = 35
read(5, "1 feature-support support ok\n", 4095) = 29
write(4, "1 check-support feature ip-4\n", 29) = 29
read(5, "1 feature-support support ok\n", 4095) = 29
write(4, "1 check-support feature icmp\n", 29) = 29
read(5, "1 feature-support support ok\n", 4095) = 29
fcntl(5, F_GETFL) = 0 (flags O_RDONLY)
fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(1), sin_addr=inet_addr("1.1.1.1")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(58753), sin_addr=inet_addr("192.168.32.40")}, [16]) = 0
close(3) = 0
getpid() = 1984093
newfstatat(1, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x9), ...}, AT_EMPTY_PATH) = 0
pipe2([3, 6], 0) = 0
pipe2([7, 8], 0) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1d42be82d0) = 1984095
close(3) = 0
close(8) = 0
fcntl(7, F_GETFL) = 0 (flags O_RDONLY)
fcntl(7, F_GETFL) = 0 (flags O_RDONLY)
fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "/home/bcroan/.terminfo", 0x55b5b3099dc0, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/terminfo", {st_mode=S_IFDIR|0755, st_size=0, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/share/terminfo", {st_mode=S_IFDIR|0755, st_size=42, ...}, 0) = 0
access("/etc/terminfo/x/xterm-256color", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/share/terminfo/x/xterm-256color", R_OK) = 0
openat(AT_FDCWD, "/usr/share/terminfo/x/xterm-256color", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=3814, ...}, AT_EMPTY_PATH) = 0
read(3, "\36\2%\0&\0\17\0\235\0013\6xterm-256color|xterm"..., 32768) = 3814
read(3, "", 28672) = 0
close(3) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=36, ws_col=173, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=36, ws_col=173, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigaction(SIGTSTP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=0x7f1d42f1b910, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d42c27a70}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x7f1d42f14880, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d42c27a70}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x7f1d42f14880, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d42c27a70}, NULL, 8) = 0
rt_sigaction(SIGWINCH, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGWINCH, {sa_handler=0x7f1d42f100b0, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f1d42c27a70}, NULL, 8) = 0
ioctl(1, TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost -isig -icanon -echo ...}) = 0
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2380, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2380, ...}, AT_EMPTY_PATH) = 0
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"..., 4096) = 2380
lseek(3, -1502, SEEK_CUR) = 878
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"..., 4096) = 1502
close(3) = 0
rt_sigaction(SIGTSTP, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d42c27a70}, {sa_handler=0x7f1d42f1b910, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d42c27a70}, 8) = 0
) = 32 write(1, "\33[?1049h\33[22;0;0t\33[1;36r\33(B\33[m\33["..., 75
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
write(2, "mtr: ", 5mtr: ) = 5
write(2, "Permission denied", 17Permission denied) = 17
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++
[bcroan@localhost ~]$ (hostname redacted to localhost)
Problem still recurs with selinux in permissive mode too.
Thank you for maintaining this tool btw. I absolutely love mtr!
BillyCroan
commented
1 year ago I may have solved part of my problem. I changed to block the incoming packets for testing, and no longer get the error. (instead of iptables -I OUTPUT -d 1.1.1.1 -j DROP, I use -I INPUT -s 1.1.1.1)
So, news to me, perhaps iptables actually communicates to the sending process that it is dropping the packet? I wouldn't expect that, but seems to be.
BillyCroan
commented
1 year ago Curioser and curiouser the rabbit hole deepens:
I was trying to come up with a mechanism for my script to launch mtr once and only once per outage. At first I was just going to do it at a specific delay after outage commenced, but if it exits it would be gone. So I thought why not check if it's in the process list already and launch it every second, if it isn't already running. And I found:
I never noticed mtr-packet before, but manpaged it and it looks like it's the packet generator for mtr and mtr itself is just the interface/state engine. Okay. Sounds reasonable. I might expect mtr-packet to be suid root, but the permission flags I see don't reflect that. Why's it red in ls?
[bcroan@epichostname ~]$ stat /usr/sbin/mtr*
File: /usr/sbin/mtr
Size: 76024 Blocks: 152 IO Block: 4096 regular file
Device: 0,32 Inode: 98055451 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Context: system_u:object_r:traceroute_exec_t:s0
Access: 2022-10-05 12:02:43.394272357 -0500
Modify: 2022-01-20 14:56:39.000000000 -0600
Change: 2022-05-24 01:25:45.109197898 -0500
Birth: 2022-05-24 01:25:45.070197900 -0500
File: /usr/sbin/mtr-packet
Size: 37504 Blocks: 80 IO Block: 4096 regular file
Device: 0,32 Inode: 98055452 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Context: system_u:object_r:bin_t:s0
Access: 2022-10-05 12:02:43.429272854 -0500
Modify: 2022-01-20 14:56:40.000000000 -0600
Change: 2022-05-24 01:25:45.109197898 -0500
Birth: 2022-05-24 01:25:45.073197900 -0500
[bcroan@elitehost ~]$figured it out.
[bcroan@host ~]$ getfattr -d -m ".*" /usr/sbin/mtr*
getfattr: Removing leading '/' from absolute path names
# file: usr/sbin/mtr
security.selinux="system_u:object_r:traceroute_exec_t:s0"
# file: usr/sbin/mtr-packet
security.capability=0sAQAAAgAgAAAAAAAAAAAAAAAAAAA=
security.selinux="system_u:object_r:bin_t:s0"
[bcroan@host ~]$ getcap /usr/sbin/mtr*
/usr/sbin/mtr-packet cap_net_raw=ep
[bcroan@host ~]$
So mtr-packet has a 'capability' assigned to it to do raw writes.
Still doesn't clarify why permission was getting denied. But I bet it's trying to utilize that capability to raw write and something stops it.
rewolff
commented
1 year ago Yes, the strace command needs -f to also trace the mtr-packet binary.
mtr used to be a monolithic program with setuid rights. And lots of linked libraries for graphics and stuff. A buffer overrun in one of those would compromise system security. Thus the packet sending part was split off, and mtr communicates with the subprocess for sending the probes and getting the results back. So now from a security perspective only mtr-packet with few libraries is the critical part.
Modern systems allow programs to not be "setuid" but only have specific permissions. Thus mtr-packet needs (formally only allowed to "root" ) permission to send funky packets on the network. So if someone manages to find a bug in mtr-packet such that they have FULL control over what the program does, then they now don't have "all permissions on the system" (root), but only the right to send arbitrary network packets.
This might be the red color your ls is showing. My eyes are not the best, so I can read white-on-black or black-on-white just fine, but yellow-on-white and blue-on-black are combinations that I can't read. So I've always turned off colors on ls the moment I notice it on a new system. I don't know what the colors mean.
Using this example:
Running it as root makes it even more interesting when thinking "Why can't I run mtr?" :-)
Could we have a more user friendly message, please?
lftgives us a better explanation about this, for example (and maybe mtr could use a similar explanation):Thanks!