Date: Mon, 1 Nov 1999 23:49:57 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: beaupran@iro.umontreal.ca (Spidey) Cc: peter.jeremy@alcatel.com.au, freebsd-security@FreeBSD.ORG Subject: Re: Examining FBSD set[ug]ids and their use Message-ID: <199911020449.XAA03496@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <14365.48408.87230.710344@anarcat.dyndns.org> from Spidey at "Nov 1, 1999 11:17:28 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Spidey wrote, > > ># Allow users to bind on a socket (which? where?) > > > ping mode=4555 > > Needed to allow ordinary mortals to sent raw IP (ICMP) packets. > > I don't think this should be enable by default... on a shell box, this > could cause some pretty dense headaches... You don't think mortal users should be able to ping? IMHO, ping is a _very_ basic utility that generally should be turned on. I don't want to have to 'su' to root everytime I want to ping a host to see if it is awake. Same goes for traceroute(8). If you want to turn off the setuid (in which case you might as well chmod to 700 as well), you can, but I really don't see it as the default setup. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911020449.XAA03496>