Date: Sun, 24 Mar 2024 07:48:35 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-hackers@freebsd.org, Tom Forbes <tom@tomforb.es> Subject: =?US-ASCII?Q?Re=3A_Removing_or_changing_the_ping_in?= =?US-ASCII?Q?terval_restriction_for_non-root_users?= Message-ID: <2D5DD001-DD98-4A8E-9458-6754E6D977EE@cschubert.com> In-Reply-To: <954e1d80-d44f-4c3d-88a7-122dc0f25de4@app.fastmail.com> References: <954e1d80-d44f-4c3d-88a7-122dc0f25de4@app.fastmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On March 24, 2024 5:57:01 AM PDT, Tom Forbes <tom@tomforb=2Ees> wrote: >Hello, >I maintain a small project called gping[1] that recently added support fo= r FreeBSD=2E One of the issues I ran into with running this on FreeBSD was = that the `ping` command seems to disallow intervals of less than 1 second i= f you are not running as root[2]=2E This check was last touched 23 years ag= o and I'm curious as to why this restriction exists? I assume it's from an = earlier time in the internets history, and perhaps is related to potential = misuse of the command to flood targets with packets via ping? > >If it is then I'd like to suggest that this limitation be removed or is r= educed to `0=2E1` seconds instead? Using `ping` for this kind of thing isn'= t a viable attack today, and the 1 second limitation seems like it would ge= t in the way of useful uses of the ping command=2E > >Also this is my first post to any *BSD mailing list, so please let me kno= w if this is not the right place to ask this question or propose this! > >Thanks, >Tom > >1=2E https://github=2Ecom/orf/gping >2=2E https://github=2Ecom/freebsd/freebsd-src/blame/8a56ef8d75b42ee722824= 7466c8c1712de6e3b6f/sbin/ping/ping6=2Ec#L441 Other UNIX-like systems have the same restriction=2E At $JOB we use Solari= s and various Linux systems=2E All maintain the same restriction=2E Other B= SDs are the same=2EI don't think FreeBSD should be an outlier=2E Maybe setgid bit or a capability to remove the restriction may be a bette= r solution=2E But to reduce the timeout to essentially remove it is IMO unw= ise=2E=20 --=20 Cheers, Cy Schubert <Cy=2ESchubert@cschubert=2Ecom> FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: https://FreeBSD=2Eorg NTP: <cy@nwtime=2Eorg> Web: https://nwtime=2Eorg e^(i*pi)+1=3D0 Pardon the typos=2E Small keyboard in use=2E
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2D5DD001-DD98-4A8E-9458-6754E6D977EE>