From: "Crist J. Clark"
Reply-To: cjclark@home.com
To: beaupran@iro.umontreal.ca (Spidey)
Cc: peter.jeremy@alcatel.com.au, freebsd-security@FreeBSD.ORG
Subject: Re: Examining FBSD set[ug]ids and their use
Date: Mon, 1 Nov 1999 23:49:57 -0500 (EST)
Message-Id: <199911020449.XAA03496@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <14365.48408.87230.710344@anarcat.dyndns.org> from Spidey at "Nov 1, 1999 11:17:28 am"

Spidey wrote,
> > ># Allow users to bind on a socket (which? where?)
> > > ping mode=4555
> > Needed to allow ordinary mortals to send raw IP (ICMP) packets.
>
> I don't think this should be enabled by default... on a shell box, this
> could cause some pretty dense headaches...

You don't think mortal users should be able to ping? IMHO, ping is a _very_ basic utility that generally should be turned on. I don't want to have to 'su' to root every time I want to ping a host to see if it is awake. Same goes for traceroute(8).

If you want to turn off the setuid (in which case you might as well chmod to 700 as well), you can, but I really don't see it as the default setup.

--
Crist J. Clark                           cjclark@home.com