From: "Tom Forbes"
To: freebsd-hackers@freebsd.org
Date: Sun, 24 Mar 2024 12:57:01 +0000
Subject: Removing or changing the ping interval restriction for non-root users
Message-Id: <954e1d80-d44f-4c3d-88a7-122dc0f25de4@app.fastmail.com>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Hello,

I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internet's history, and perhaps is related to potential misuse of the command to flood targets with packets via ping?

If it is then I'd like to suggest that this limitation be removed or reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command.

Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this!

Thanks,
Tom

1. https://github.com/orf/gping
2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441