From owner-freebsd-bluetooth@FreeBSD.ORG  Mon Mar 28 19:59:52 2011
Return-Path: <owner-freebsd-bluetooth@FreeBSD.ORG>
Delivered-To: freebsd-bluetooth@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 1233)
	id 1F8101065672; Mon, 28 Mar 2011 19:59:52 +0000 (UTC)
Date: Mon, 28 Mar 2011 19:59:52 +0000
From: Alexander Best <arundel@freebsd.org>
To: Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
Message-ID: <20110328195952.GA26987@freebsd.org>
References: <20110328001258.GA70156@freebsd.org>
	<alpine.NEB.2.00.1103280751410.3331@galant.ukfsn.org>
	<20110328101804.GA39095@freebsd.org>
	<alpine.NEB.2.00.1103281452520.27263@galant.ukfsn.org>
	<AANLkTikLj7QumdtPcB=wGBdyxOyHBusCzUbrtXVC+Yt1@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AANLkTikLj7QumdtPcB=wGBdyxOyHBusCzUbrtXVC+Yt1@mail.gmail.com>
Cc: freebsd-bluetooth@freebsd.org
Subject: Re: l2ping(8) and -f switch
X-BeenThere: freebsd-bluetooth@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Using Bluetooth in FreeBSD environments
	<freebsd-bluetooth.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth>, 
	<mailto:freebsd-bluetooth-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bluetooth>
List-Post: <mailto:freebsd-bluetooth@freebsd.org>
List-Help: <mailto:freebsd-bluetooth-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth>, 
	<mailto:freebsd-bluetooth-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 19:59:52 -0000

On Mon Mar 28 11, Maksim Yevmenkin wrote:
> On Mon, Mar 28, 2011 at 7:04 AM, Iain Hibbert <plunky@rya-online.net> wrote:
> > On Mon, 28 Mar 2011, Alexander Best wrote:
> >
> >> On Mon Mar 28 11, Iain Hibbert wrote:
> >> > On Mon, 28 Mar 2011, Alexander Best wrote:
> >> >
> >> > > thus i believe making the -f switch only accessable to super-users (in
> >> > > accordance with ping(8)/ping6(8)) would increase security.
> >> >
> >> > what stops the user from recompiling l2ping without this restriction?
> >>
> >> nothing. but what stops him from recompiling ping(8) or ping6(8) without the
> >> restriction? still it's there.
> >
> > AFAIK you need superuser privileges to even send ICMP_ECHO packets, thats
> > why ping is traditionally a suid program and making a new binary won't
> > help normal users..  I'm guessing that l2ping doesn't have the same
> > restrictions?
> 
> Guys,
> 
> first of all thanks for the patch.
> 
> i think one really needs to understand what "flood" really means in
> l2ping(8). "flood" ping(8) basically floods the link with icmp echo
> requests without waiting for remote system to reply. yes, this is
> potentially dangerous and thus its reasonable to require super-user
> privileges. "flood" l2ping(8) is NOT the same. all l2ping(8) does is
> "flood" mode
> 
> 1) sends l2cap echo request
> 2) waits for l2cap echo response (or timeout)
> 3) repeats
> 
> in other words, there is no delay between each l2cap echo
> request-response transaction. its not really "flood". i'm not sure if
> it really worth to go all the way to restricting this. however, if
> people think that it should be restricted, i will not object.

how about removing the term "flood" from the l2ping(2) man page, if the -f
semantics can't actually be called that way?

> 
> thanks,
> max

-- 
a13x