diff -urp iputils-s20071127.orig/Makefile iputils-s20071127/Makefile
--- iputils-s20071127.orig/Makefile	2009-03-27 09:06:27.000000000 -0400
+++ iputils-s20071127/Makefile	2009-03-27 09:35:17.000000000 -0400
@@ -29,10 +29,10 @@ all: $(TARGETS)
 tftpd: tftpd.o tftpsubs.o
 
 ping: ping.o ping_common.o
-	$(CC) $(CFLAGS) ping.o ping_common.o -lidn -o ping
+	$(CC) $(CFLAGS) ping.o ping_common.o -lidn -lcap-ng -o ping
 
 ping6: ping6.o ping_common.o
-	$(CC) $(CFLAGS) ping6.o ping_common.o -o ping6
+	$(CC) $(CFLAGS) ping6.o ping_common.o -lcap-ng -o ping6
 
 ping.o ping6.o ping_common.o: ping_common.h
 tftpd.o tftpsubs.o: tftp.h
diff -urp iputils-s20071127.orig/ping6.c iputils-s20071127/ping6.c
--- iputils-s20071127.orig/ping6.c	2009-03-27 09:06:27.000000000 -0400
+++ iputils-s20071127/ping6.c	2009-03-27 09:39:16.000000000 -0400
@@ -74,6 +74,7 @@ char copyright[] =
 #include <linux/filter.h>
 #include <netinet/ip6.h>
 #include <netinet/icmp6.h>
+#include <cap-ng.h>
 
 #ifndef SOL_IPV6
 #define SOL_IPV6 IPPROTO_IPV6
@@ -227,6 +228,11 @@ int main(int argc, char *argv[])
 		perror("ping: setuid");
 		exit(-1);
 	}
+	if (uid == 0) {
+		// Drop all privs
+		capng_clear(CAPNG_SELECT_BOTH);
+		capng_apply(CAPNG_SELECT_BOTH);
+	}
 
 	source.sin6_family = AF_INET6;
 	memset(&firsthop, 0, sizeof(firsthop));
diff -urp iputils-s20071127.orig/ping.c iputils-s20071127/ping.c
--- iputils-s20071127.orig/ping.c	2009-03-27 09:06:27.000000000 -0400
+++ iputils-s20071127/ping.c	2009-03-27 09:37:24.000000000 -0400
@@ -65,6 +65,7 @@ char copyright[] =
 
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
+#include <cap-ng.h>
 
 #ifndef ICMP_FILTER
 #define ICMP_FILTER	1
@@ -137,6 +138,11 @@ main(int argc, char **argv)
 		perror("ping: setuid");
 		exit(-1);
 	}
+	if (uid == 0) {
+		// Drop all privs
+		capng_clear(CAPNG_SELECT_BOTH);
+		capng_apply(CAPNG_SELECT_BOTH);
+	}
 
 	source.sin_family = AF_INET;