From owner-freebsd-bluetooth@FreeBSD.ORG Mon Mar 28 20:34:14 2011 Return-Path: Delivered-To: freebsd-bluetooth@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 1233) id 0C32B106566C; Mon, 28 Mar 2011 20:34:14 +0000 (UTC) Date: Mon, 28 Mar 2011 20:34:14 +0000 From: Alexander Best To: Maksim Yevmenkin Message-ID: <20110328203413.GB26987@freebsd.org> References: <20110328001258.GA70156@freebsd.org> <20110328101804.GA39095@freebsd.org> <20110328195952.GA26987@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Cc: freebsd-bluetooth@freebsd.org Subject: Re: l2ping(8) and -f switch X-BeenThere: freebsd-bluetooth@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Using Bluetooth in FreeBSD environments List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 20:34:14 -0000 On Mon Mar 28 11, Maksim Yevmenkin wrote: > On Mon, Mar 28, 2011 at 12:59 PM, Alexander Best wrote: > > On Mon Mar 28 11, Maksim Yevmenkin wrote: > >> On Mon, Mar 28, 2011 at 7:04 AM, Iain Hibbert wrote: > >> > On Mon, 28 Mar 2011, Alexander Best wrote: > >> > > >> >> On Mon Mar 28 11, Iain Hibbert wrote: > >> >> > On Mon, 28 Mar 2011, Alexander Best wrote: > >> >> > > >> >> > > thus i believe making the -f switch only accessable to super-users (in > >> >> > > accordance with ping(8)/ping6(8)) would increase security. > >> >> > > >> >> > what stops the user from recompiling l2ping without this restriction? > >> >> > >> >> nothing. but what stops him from recompiling ping(8) or ping6(8) without the > >> >> restriction? still it's there. > >> > > >> > AFAIK you need superuser privileges to even send ICMP_ECHO packets, thats > >> > why ping is traditionally a suid program and making a new binary won't > >> > help normal users.. I'm guessing that l2ping doesn't have the same > >> > restrictions? > >> > >> Guys, > >> > >> first of all thanks for the patch. > >> > >> i think one really needs to understand what "flood" really means in > >> l2ping(8). "flood" ping(8) basically floods the link with icmp echo > >> requests without waiting for remote system to reply. yes, this is > >> potentially dangerous and thus its reasonable to require super-user > >> privileges. "flood" l2ping(8) is NOT the same. all l2ping(8) does is > >> "flood" mode > >> > >> 1) sends l2cap echo request > >> 2) waits for l2cap echo response (or timeout) > >> 3) repeats > >> > >> in other words, there is no delay between each l2cap echo > >> request-response transaction. its not really "flood". i'm not sure if > >> it really worth to go all the way to restricting this. however, if > >> people think that it should be restricted, i will not object. > > > > how about removing the term "flood" from the l2ping(2) man page, if the -f > > semantics can't actually be called that way? > > that would be fine. l2ping(8) -h calls it > > -f No delay (sort of flood) > > and l2ping(8) man page calls it > > -f ``Flood'' ping, i.e., no delay between packets. > > it would be nice to make those consistent :) i'm not sure what the > best name would be though. another possibility would be to allow l2ping -i 0 and say that the -f flag is an alias for that. > > thanks, > max -- a13x