base/SOURCES/iputils-20121221-caps.patch

diff -rup iputils-s20121221/clockdiff.c iputils-s20121221-new/clockdiff.c
--- iputils-s20121221/clockdiff.c	2012-12-21 15:01:07.000000000 +0100
+++ iputils-s20121221-new/clockdiff.c	2015-03-23 10:17:29.190895413 +0100
@@ -21,6 +21,7 @@
 #include <errno.h>
 #include <linux/types.h>
 #ifdef CAPABILITIES
+#include <sys/prctl.h>
 #include <sys/capability.h>
 #endif
 
@@ -534,12 +535,51 @@ usage() {
 
 void drop_rights(void) {
 #ifdef CAPABILITIES
-	cap_t caps = cap_init();
-	if (cap_set_proc(caps)) {
-		perror("clockdiff: cap_set_proc");
+	cap_t cap_cur_p;
+	cap_t cap_p;
+	cap_value_t cap_raw = CAP_NET_RAW;
+	cap_flag_value_t cap_ok;
+
+	cap_cur_p = cap_get_proc();
+	if (!cap_cur_p) {
+		perror("ping: cap_get_proc");
 		exit(-1);
 	}
-	cap_free(caps);
+
+	cap_p = cap_init();
+	if (!cap_p) {
+		perror("ping: cap_init");
+		exit(-1);
+	}
+
+	cap_ok = CAP_CLEAR;
+	cap_get_flag(cap_cur_p, CAP_NET_RAW, CAP_PERMITTED, &cap_ok);
+
+	if (cap_ok != CAP_CLEAR)
+		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_raw, CAP_SET);
+
+	if (cap_set_proc(cap_p) < 0) {
+		perror("ping: cap_set_proc");
+		exit(-1);
+	}
+
+	if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
+		perror("ping: prctl");
+		exit(-1);
+	}
+
+	if (setuid(getuid()) < 0) {
+		perror("setuid");
+		exit(-1);
+	}
+
+	if (prctl(PR_SET_KEEPCAPS, 0) < 0) {
+		perror("ping: prctl");
+		exit(-1);
+	}
+
+	cap_free(cap_p);
+	cap_free(cap_cur_p);
 #endif
 	if (setuid(getuid())) {
 		perror("clockdiff: setuid");