From owner-freebsd-bluetooth@FreeBSD.ORG Mon Mar 28 00:12:58 2011 Return-Path: Delivered-To: freebsd-bluetooth@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 1233) id 7590C1065670; Mon, 28 Mar 2011 00:12:58 +0000 (UTC) Date: Mon, 28 Mar 2011 00:12:58 +0000 From: Alexander Best To: freebsd-bluetooth@freebsd.org Message-ID: <20110328001258.GA70156@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Qxx1br4bt0+wmkIi" Content-Disposition: inline Subject: l2ping(8) and -f switch X-BeenThere: freebsd-bluetooth@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Using Bluetooth in FreeBSD environments List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 00:12:58 -0000 --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi there, i've just noticed the -f switch to l2ping(8) doesn't require super-user privileges. wouldn't this allow a regular user to flood any bluetooth device with massive ping requests? thus i believe making the -f switch only accessable to super-users (in accordance with ping(8)/ping6(8)) would increase security. i've attached a patch which implements this functionality in addition to some other minor corrections to the l2ping(8) C source and man page. cheers. alex -- a13x --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="l2ping.diff" diff --git a/usr.sbin/bluetooth/l2ping/l2ping.8 b/usr.sbin/bluetooth/l2ping/l2ping.8 index 477f4ec..1b1d30b 100644 --- a/usr.sbin/bluetooth/l2ping/l2ping.8 +++ b/usr.sbin/bluetooth/l2ping/l2ping.8 @@ -25,7 +25,7 @@ .\" $Id: l2ping.8,v 1.3 2003/05/21 01:00:19 max Exp $ .\" $FreeBSD$ .\" -.Dd June 14, 2002 +.Dd March 28, 2011 .Dt L2PING 8 .Os .Sh NAME @@ -36,7 +36,7 @@ .Op Fl fhn .Fl a Ar remote .Op Fl c Ar count -.Op Fl i Ar delay +.Op Fl i Ar wait .Op Fl S Ar source .Op Fl s Ar size .Sh DESCRIPTION @@ -65,6 +65,7 @@ will operate until interrupted. .It Fl f .Dq Flood ping, i.e., no delay between packets. +Only the super-user may use this option. .It Fl h Display usage message and exit. .It Fl i Ar wait @@ -109,7 +110,7 @@ Some implementations may not like large sizes and may hang or even crash. .Xr ng_l2cap 4 , .Xr l2control 8 .Sh AUTHORS -.An Maksim Yevmenkin Aq m_evmenkin@yahoo.com +.An Maksim Yevmenkin Aq emax@FreeBSD.org .Sh BUGS Could collect more statistic. Could check for duplicated, corrupted and lost packets. diff --git a/usr.sbin/bluetooth/l2ping/l2ping.c b/usr.sbin/bluetooth/l2ping/l2ping.c index d7e1b1e..2978afd 100644 --- a/usr.sbin/bluetooth/l2ping/l2ping.c +++ b/usr.sbin/bluetooth/l2ping/l2ping.c @@ -31,6 +31,7 @@ #include #include +#include #include #include #include @@ -106,6 +107,8 @@ main(int argc, char *argv[]) break; case 'f': + if (getuid()) + errx(1, "Must be superuser to flood ping"); flood = 1; break; @@ -272,8 +275,8 @@ tv2msec(struct timeval const *tvp) static void usage(void) { - fprintf(stderr, "Usage: l2ping -a bd_addr " \ - "[-S bd_addr -c count -i wait -n -s size -h]\n"); + fprintf(stderr, "Usage: l2ping [-fhn] -a remote " \ + "[-c count] [-i wait] [-S source] [-s size]\n"); fprintf(stderr, "Where:\n"); fprintf(stderr, " -a remote Specify remote device to ping\n"); fprintf(stderr, " -c count Number of packets to send\n"); --Qxx1br4bt0+wmkIi--