Date: Tue, 2 Nov 1999 11:07:03 +0000 (GMT) From: "Jason C. Wells" <jcwells@u.washington.edu> To: cjclark@home.com Cc: Spidey <beaupran@iro.umontreal.ca>, peter.jeremy@alcatel.com.au, freebsd-security@FreeBSD.ORG Subject: Re: Examining FBSD set[ug]ids and their use Message-ID: <Pine.BSF.4.10.9911021104470.2731-100000@s8-37-26.student.washington.edu> In-Reply-To: <199911020449.XAA03496@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 1 Nov 1999, Crist J. Clark wrote: >> > ># Allow users to bind on a socket (which? where?) >> > > ping mode=4555 >> > Needed to allow ordinary mortals to sent raw IP (ICMP) packets. >> >> I don't think this should be enable by default... on a shell box, this >> could cause some pretty dense headaches... > >You don't think mortal users should be able to ping? IMHO, ping is a >_very_ basic utility that generally should be turned on. I don't want >to have to 'su' to root everytime I want to ping a host to see if it >is awake. Same goes for traceroute(8). Doesn't ICMP_BAND_LIMIT reduce said headaches for packets originating from the server? If it did, this would reduce said headaches. This is a question more than a comment. Thank You, | http://students.washington.edu/jcwells/ Jason Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911021104470.2731-100000>