diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index 779c42f6a7f..3e070548f13 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -2609,6 +2609,8 @@ size_t Process::amount_purgeable_nonvolatile() const
 
 int Process::sys$socket(int domain, int type, int protocol)
 {
+    if ((type & SOCK_TYPE_MASK) == SOCK_RAW && !is_superuser())
+        return -EACCES;
     int fd = alloc_fd();
     if (fd < 0)
         return fd;
diff --git a/Kernel/build-root-filesystem.sh b/Kernel/build-root-filesystem.sh
index a4f561fa1eb..428bae1d1da 100755
--- a/Kernel/build-root-filesystem.sh
+++ b/Kernel/build-root-filesystem.sh
@@ -82,6 +82,7 @@ else
 find ../Userland/ -type f -perm +111 -exec cp {} mnt/bin/ \;
 fi
 chmod 4755 mnt/bin/su
+chmod 4755 mnt/bin/ping
 echo "done"
 
 printf "installing applications... "
diff --git a/Userland/ping.cpp b/Userland/ping.cpp
index a05a07c347b..7318cb82ece 100644
--- a/Userland/ping.cpp
+++ b/Userland/ping.cpp
@@ -37,6 +37,11 @@ int main(int argc, char** argv)
         return 1;
     }
 
+    if (setgid(getgid()) || setuid(getuid())) {
+        fprintf(stderr, "Failed to drop privileges.\n");
+        return 1;
+    }
+
     struct timeval timeout {
         1, 0
     };