Date: Sun, 24 Mar 2024 12:57:01 +0000 From: "Tom Forbes" <tom@tomforb.es> To: freebsd-hackers@freebsd.org Subject: Removing or changing the ping interval restriction for non-root users Message-ID: <954e1d80-d44f-4c3d-88a7-122dc0f25de4@app.fastmail.com>
next in thread | raw e-mail | index | archive | help
--fc4cbc23ee3b47c2993003d0279288d0 Content-Type: text/plain Hello, I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping? If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command. Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this! Thanks, Tom 1. https://github.com/orf/gping 2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441 --fc4cbc23ee3b47c2993003d0279288d0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE html><html><head><title></title><style type=3D"text/css">p.Mso= Normal,p.MsoNoSpacing{margin:0}</style></head><body><div><span style=3D"= color:rgb(0, 0, 0);font-style:normal;font-variant-caps:normal;font-weigh= t:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transf= orm:none;text-wrap-mode:wrap;word-spacing:0px;-webkit-text-stroke-width:= 0px;text-decoration-line:none;text-decoration-style:solid;text-decoratio= n-color:currentcolor;text-decoration-thickness:auto;display:inline !impo= rtant;float:none;"><span class=3D"font" style=3D"font-family:Helvetica;"= ><span class=3D"size" style=3D"font-size:12px;">Hello,</span></span></sp= an><br></div><div><span style=3D"color:rgb(0, 0, 0);font-style:normal;fo= nt-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:= start;text-indent:0px;text-transform:none;text-wrap-mode:wrap;word-spaci= ng:0px;-webkit-text-stroke-width:0px;text-decoration-line:none;text-deco= ration-style:solid;text-decoration-color:currentcolor;text-decoration-th= ickness:auto;display:inline !important;float:none;"><span class=3D"font"= style=3D"font-family:Helvetica;"><span class=3D"size" style=3D"font-siz= e:12px;">I maintain a small project called gping[1] that recently added = support for FreeBSD. One of the issues I ran into with running this on F= reeBSD was that the `ping` command seems to disallow intervals of less t= han 1 second if you are not running as root[2]. This check was last touc= hed 23 years ago and I'm curious as to why this restriction exists? I as= sume it's from an earlier time in the internets history, and perhaps is = related to potential misuse of the command to flood targets with packets= via ping?</span></span></span><br></div><div><br></div><div><span style= =3D"color:rgb(0, 0, 0);font-style:normal;font-variant-caps:normal;font-w= eight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-tr= ansform:none;text-wrap-mode:wrap;word-spacing:0px;-webkit-text-stroke-wi= dth:0px;text-decoration-line:none;text-decoration-style:solid;text-decor= ation-color:currentcolor;text-decoration-thickness:auto;display:inline != important;float:none;"><span class=3D"font" style=3D"font-family:Helveti= ca;"><span class=3D"size" style=3D"font-size:12px;">If it is then I'd li= ke to suggest that this limitation be removed or is reduced to `0.1` sec= onds instead? Using `ping` for this kind of thing isn't a viable attack = today, and the 1 second limitation seems like it would get in the way of= useful uses of the ping command.</span></span></span><br></div><div><br= ></div><div><span style=3D"color:rgb(0, 0, 0);font-style:normal;font-var= iant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;= text-indent:0px;text-transform:none;text-wrap-mode:wrap;word-spacing:0px= ;-webkit-text-stroke-width:0px;text-decoration-line:none;text-decoration= -style:solid;text-decoration-color:currentcolor;text-decoration-thicknes= s:auto;display:inline !important;float:none;"><span class=3D"font" style= =3D"font-family:Helvetica;"><span class=3D"size" style=3D"font-size:12px= ;">Also this is my first post to any *BSD mailing list, so please let me= know if this is not the right place to ask this question or propose thi= s!</span></span></span><br></div><div><br></div><div><span style=3D"colo= r:rgb(0, 0, 0);font-style:normal;font-variant-caps:normal;font-weight:40= 0;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:= none;text-wrap-mode:wrap;word-spacing:0px;-webkit-text-stroke-width:0px;= text-decoration-line:none;text-decoration-style:solid;text-decoration-co= lor:currentcolor;text-decoration-thickness:auto;display:inline !importan= t;float:none;"><span class=3D"font" style=3D"font-family:Helvetica;"><sp= an class=3D"size" style=3D"font-size:12px;">Thanks,</span></span></span>= <br></div><div><span style=3D"color:rgb(0, 0, 0);font-style:normal;font-= variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:sta= rt;text-indent:0px;text-transform:none;text-wrap-mode:wrap;word-spacing:= 0px;-webkit-text-stroke-width:0px;text-decoration-line:none;text-decorat= ion-style:solid;text-decoration-color:currentcolor;text-decoration-thick= ness:auto;display:inline !important;float:none;"><span class=3D"font" st= yle=3D"font-family:Helvetica;"><span class=3D"size" style=3D"font-size:1= 2px;">Tom</span></span></span><br></div><div><br></div><div><span style=3D= "color:rgb(0, 0, 0);font-style:normal;font-variant-caps:normal;font-weig= ht:400;letter-spacing:normal;text-align:start;text-indent:0px;text-trans= form:none;text-wrap-mode:wrap;word-spacing:0px;-webkit-text-stroke-width= :0px;text-decoration-line:none;text-decoration-style:solid;text-decorati= on-color:currentcolor;text-decoration-thickness:auto;display:inline !imp= ortant;float:none;"><span class=3D"font" style=3D"font-family:Helvetica;= "><span class=3D"size" style=3D"font-size:12px;">1.</span></span></span>= <span style=3D"color:rgb(0, 0, 0);font-style:normal;font-variant-caps:no= rmal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:= 0px;text-transform:none;text-wrap-mode:wrap;word-spacing:0px;-webkit-tex= t-stroke-width:0px;text-decoration-line:none;text-decoration-style:solid= ;text-decoration-color:currentcolor;text-decoration-thickness:auto;displ= ay:inline !important;float:none;"><span class=3D"font" style=3D"font-fam= ily:Helvetica;"><span class=3D"size" style=3D"font-size:12px;"> </s= pan></span></span><a href=3D"https://github.com/orf/gping" style=3D"font= -family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:nor= mal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0= px;text-transform:none;text-wrap-mode:wrap;word-spacing:0px;-webkit-text= -stroke-width:0px;">https://github.com/orf/gping</a><br></div><div><span= style=3D"color:rgb(0, 0, 0);font-style:normal;font-variant-caps:normal;= font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;t= ext-transform:none;text-wrap-mode:wrap;word-spacing:0px;-webkit-text-str= oke-width:0px;text-decoration-line:none;text-decoration-style:solid;text= -decoration-color:currentcolor;text-decoration-thickness:auto;display:in= line !important;float:none;"><span class=3D"font" style=3D"font-family:H= elvetica;"><span class=3D"size" style=3D"font-size:12px;">2. </span= ></span></span><a href=3D"https://github.com/freebsd/freebsd-src/blame/8= a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441" style=3D= "font-family:Helvetica;font-size:12px;font-style:normal;font-variant-cap= s:normal;font-weight:400;letter-spacing:normal;text-align:start;text-ind= ent:0px;text-transform:none;text-wrap-mode:wrap;word-spacing:0px;-webkit= -text-stroke-width:0px;">https://github.com/freebsd/freebsd-src/blame/8a= 56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441</a><br></d= iv></body></html> --fc4cbc23ee3b47c2993003d0279288d0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?954e1d80-d44f-4c3d-88a7-122dc0f25de4>