From owner-freebsd-security Mon Nov 1 22:14:37 1999 Delivered-To: freebsd-security@freebsd.org Received: from s8-37-26.student.washington.edu (S8-37-26.student.washington.edu [128.208.37.26]) by hub.freebsd.org (Postfix) with ESMTP id 859AA153D9 for ; Mon, 1 Nov 1999 22:14:29 -0800 (PST) (envelope-from jcwells@u.washington.edu) Received: from localhost (jcw@localhost) by s8-37-26.student.washington.edu (8.9.3/8.9.3) with ESMTP id LAA02758; Tue, 2 Nov 1999 11:07:03 GMT (envelope-from jcwells@u.washington.edu) X-Authentication-Warning: s8-37-26.student.washington.edu: jcw owned process doing -bs Date: Tue, 2 Nov 1999 11:07:03 +0000 (GMT) From: "Jason C. Wells" X-Sender: jcw@s8-37-26.student.washington.edu Reply-To: "Jason C. Wells" To: cjclark@home.com Cc: Spidey , peter.jeremy@alcatel.com.au, freebsd-security@FreeBSD.ORG Subject: Re: Examining FBSD set[ug]ids and their use In-Reply-To: <199911020449.XAA03496@cc942873-a.ewndsr1.nj.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 1 Nov 1999, Crist J. Clark wrote: >> > ># Allow users to bind on a socket (which? where?) >> > > ping mode=4555 >> > Needed to allow ordinary mortals to sent raw IP (ICMP) packets. >> >> I don't think this should be enable by default... on a shell box, this >> could cause some pretty dense headaches... > >You don't think mortal users should be able to ping? IMHO, ping is a >_very_ basic utility that generally should be turned on. I don't want >to have to 'su' to root everytime I want to ping a host to see if it >is awake. Same goes for traceroute(8). Doesn't ICMP_BAND_LIMIT reduce said headaches for packets originating from the server? If it did, this would reduce said headaches. This is a question more than a comment. Thank You, | http://students.washington.edu/jcwells/ Jason Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message