Date: Tue, 26 Mar 1996 10:00:22 -0600 (CST)
From: Joe Greco <jgreco@brasil.moneng.mei.com>
To: taob@io.org (Brian Tao)
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Restricting ping -s and -l
Message-ID: <199603261600.KAA17012@brasil.moneng.mei.com>
In-Reply-To: <Pine.BSF.3.91.960325194516.13507Q-100000@cabal.io.org> from "Brian Tao" at Mar 25, 96 07:47:33 pm

> Are there any good reasons why a non-root user should need the -s
> and -l options in ping? I've had problems in the past with users
> starting up a dozen "ping -s 8000"'s to a foreign site, saturating our
> own T1 to the net. Who needs ping -f when you can control the packet
> size. :(
>
> I can't really think of any legitimate reason for allowing -s and
> -l to unprivileged user, but before I modify the source, I figured I'd
> ask around first. :)

I use them to fire-test SLIP and PPP links.

I understand where you are coming from, but consider the user who types
"unlimit" followed by a couple hundred instances of ping.

This isn't buying you anything in particular (at least IMHO)...

The solution isn't to remove the flexibility of the tool, it's to carry
around a bazooka and shoot trouble users in the foot when they do nasty
things with the tools.

Remember, you can trivially write a UDP datagram program without root
privileges to do the same exact thing. Someone who wants to be trouble
doesn't have to have your permission and blessing. :-)

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                       jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI              414/546-7968

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603261600.KAA17012>