From owner-freebsd-hackers  Tue Mar 26 08:01:43 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA18518
          for hackers-outgoing; Tue, 26 Mar 1996 08:01:43 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA18499
          for <freebsd-hackers@FreeBSD.ORG>; Tue, 26 Mar 1996 08:01:40 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id KAA17012; Tue, 26 Mar 1996 10:00:23 -0600
From: Joe Greco <jgreco@brasil.moneng.mei.com>
Message-Id: <199603261600.KAA17012@brasil.moneng.mei.com>
Subject: Re: Restricting ping -s and -l
To: taob@io.org (Brian Tao)
Date: Tue, 26 Mar 1996 10:00:22 -0600 (CST)
Cc: freebsd-hackers@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.91.960325194516.13507Q-100000@cabal.io.org> from "Brian Tao" at Mar 25, 96 07:47:33 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>     Are there any good reasons why a non-root user should need the -s
> and -l options in ping?  I've had problems in the past with users
> starting up a dozen "ping -s 8000"'s to a foreign site, saturating our
> own T1 to the net.  Who needs ping -f when you can control the packet
> size.  :(
> 
>     I can't really think of any legitimate reason for allowing -s and
> -l to unprivileged user, but before I modify the source, I figured I'd
> ask around first.  :)

I use them to fire-test SLIP and PPP links.

I understand where you are coming from, but consider the user who types
"unlimit" followed by a couple hundred instances of ping.  This isn't 
buying you anything in particular (at least IMHO)...

The solution isn't to remove the flexibility of the tool, it's to carry
around a bazooka and shoot trouble users in the foot when they do nasty
things with the tools.

Remember, you can trivially write a UDP datagram program without root
privileges to do the same exact thing.  Someone who wants to be trouble
doesn't have to have your permission and blessing.

:-)

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/546-7968