From nobody Sun Mar 24 15:04:15 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V2fVY37zbz5Frp3 for ; Sun, 24 Mar 2024 15:04:37 +0000 (UTC) (envelope-from tom@tomforb.es) Received: from fout6-smtp.messagingengine.com (fout6-smtp.messagingengine.com [103.168.172.149]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4V2fVX5CmKz46WW for ; Sun, 24 Mar 2024 15:04:36 +0000 (UTC) (envelope-from tom@tomforb.es) Authentication-Results: mx1.freebsd.org; none Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id A59631380089; Sun, 24 Mar 2024 11:04:35 -0400 (EDT) Received: from imap43 ([10.202.2.93]) by compute2.internal (MEProxy); Sun, 24 Mar 2024 11:04:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tomforb.es; h=cc :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1711292675; x=1711379075; bh=eMjwIN+/KU CJqZLkaez4Kf3lKqJs7acGX1bve7Vcuyg=; b=WOIw4i8d32UYa8TTykZfz251a9 5zvT62dlan53Z+QWkUFhNKpXfwSHMJ5GagLZhut770SEfH/OfDLTy3mHvHdbuFbQ 76hxloeiCgiy5AX3hvt5SzLXvuaLRKjxRMGLZPKMgbdEY1YA6PASm1ziG5v7DRQ4 WJn4YMYvwKBGvujge+t0t5kE87+K0bf/GneMTMKZbWICYk5ZfWztiXbXJZEIV1dL ABEfDpGowBQgG0D19+yNjHx6bxdmgZSqQZPuRUBiK9EHpSvNaU3Q7wMEDlZ4oG9c 7OrUnCSg9RTA+eOpb9yntl4ecFBD30OT9BNdNij8YhqdCVo8mLRVVjL9ykFA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1711292675; x=1711379075; bh=eMjwIN+/KUCJqZLkaez4Kf3lKqJs 7acGX1bve7Vcuyg=; b=fm04oXseZzwndZvkNW25m7V7MacGg7g4tAXjfUbPIUyh 2JxROXLXbby+2AlcC61BBF1OAsqg+LlBwzPjWKh/6NjwX3BwW3NOl9K8U/nZFxGB Wsdm6+zLU30+cP8kp0lbHEMEWZApmXvv6atj5AIhNtms5U3GKrVtmTTN4x6itPW8 yzeb5h2+QGcxhjMk1Lt0rP7/Eu2NL0DoYE37qH+ccW+/OXdYBJNNd3pAANnqXf/H ZpIlbcxAgtRYKyhQVGaLHLr+JTFmP6dBx4zy9Gl9MUTglkyh38GXy2InT5mDjLmS x38DiSg0URu9r7z8RJH4zgFKdv+7uL/NY4+6GyYEqg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddtjedgjeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesrgdtreerreertdenucfhrhhomhepfdfvohhm ucfhohhrsggvshdfuceothhomhesthhomhhfohhrsgdrvghsqeenucggtffrrghtthgvrh hnpeejveekffegudfhgeekhfekuedvlefhfffftedujeejhedvheffueehfeehhfeivden ucffohhmrghinhepghhithhhuhgsrdgtohhmpdhfrhgvvggsshgurdhorhhgpdhnfihtih hmvgdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr ohhmpehtohhmsehtohhmfhhorhgsrdgvsh X-ME-Proxy: Feedback-ID: i915146fc:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 486A92D4007D; Sun, 24 Mar 2024 11:04:35 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-332-gdeb4194079-fm-20240319.002-gdeb41940 List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 Message-Id: <4f8b035c-b2cc-4606-a691-f1d86827282b@app.fastmail.com> In-Reply-To: <2D5DD001-DD98-4A8E-9458-6754E6D977EE@cschubert.com> References: <954e1d80-d44f-4c3d-88a7-122dc0f25de4@app.fastmail.com> <2D5DD001-DD98-4A8E-9458-6754E6D977EE@cschubert.com> Date: Sun, 24 Mar 2024 15:04:15 +0000 From: "Tom Forbes" To: "Cy Schubert" , freebsd-hackers@freebsd.org Subject: Re: Removing or changing the ping interval restriction for non-root users Content-Type: multipart/alternative; boundary=24f27762460e46539679bef9d11faa60 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:209242, ipnet:103.168.172.0/24, country:US] X-Rspamd-Queue-Id: 4V2fVX5CmKz46WW --24f27762460e46539679bef9d11faa60 Content-Type: text/plain I've personally never come across this limitation on any system that I've used, however it is a good point that there are bound to be systems that have the same limitation. After digging a bit more into the history the limitation was added in this commit[1] in 1998 with the explicit intention to "secure options from user-level D.O.S attacks". A lot of things have changed since 1998, and setting an arbitrary high limit to prevent "ping" and "ping6" from being used to DOS networked devices would be a pretty suspect decision if it was suggested today. I expect a few other distributions have inherited this limit from the original contribution, but to me that doesn't lend a strong argument to keeping it if the underlying reason it exists doesn't make sense anymore _and_ if removing/reducing it is a backwards-compatible, simple and non-invasive change. Tom 1. https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165 On Sun, 24 Mar 2024, at 2:48 PM, Cy Schubert wrote: > On March 24, 2024 5:57:01 AM PDT, Tom Forbes wrote: > >Hello, > >I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping? > > > >If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command. > > > >Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this! > > > >Thanks, > >Tom > > > >1. https://github.com/orf/gping > >2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441 > Other UNIX-like systems have the same restriction. At $JOB we use Solaris and various Linux systems. All maintain the same restriction. Other BSDs are the same.I don't think FreeBSD should be an outlier. > > Maybe setgid bit or a capability to remove the restriction may be a better solution. But to reduce the timeout to essentially remove it is IMO unwise. > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: https://FreeBSD.org > NTP: Web: https://nwtime.org > e^(i*pi)+1=0 > > Pardon the typos. Small keyboard in use. > --24f27762460e46539679bef9d11faa60 Content-Type: text/html Content-Transfer-Encoding: quoted-printable
I've personally= never come across this limitation on any system that I've used, however= it is a good point that there are bound to be systems that have the sam= e limitation. After digging a bit more into the history the limitation w= as added in this commit[1] in 1998 with the explicit intention to "secur= e options from user-level D.O.S attacks".

A= lot of things have changed since 1998, and setting an arbitrary high li= mit to prevent "ping" and "ping6" from being used to DOS networked devic= es would be a pretty suspect decision if it was suggested today. I expec= t a few other distributions have inherited this limit from the original = contribution, but to me that doesn't lend a strong argument to keeping i= t if the underlying reason it exists doesn't make sense anymore _and_ if= removing/reducing it is a backwards-compatible, simple and non-invasive= change.

Tom
  1. https://github.com/freebsd/freebsd-src/commit/526f06b278d9= 252add168aa18b60242c08771165

On Sun= , 24 Mar 2024, at 2:48 PM, Cy Schubert wrote:
On March 24, 2024 5:57:01 AM PDT, Tom F= orbes <tom@tomforb.es> wrote= :
>Hello,
>I maintain a small project = called gping[1] that recently added support for FreeBSD. One of the issu= es I ran into with running this on FreeBSD was that the `ping` command s= eems to disallow intervals of less than 1 second if you are not running = as root[2]. This check was last touched 23 years ago and I'm curious as = to why this restriction exists? I assume it's from an earlier time in th= e internets history, and perhaps is related to potential misuse of the c= ommand to flood targets with packets via ping?
>
>If it is then I'd like to suggest that this limitation be re= moved or is reduced to `0.1` seconds instead? Using `ping` for this kind= of thing isn't a viable attack today, and the 1 second limitation seems= like it would get in the way of useful uses of the ping command.
>
>Also this is my first post to any *BSD ma= iling list, so please let me know if this is not the right place to ask = this question or propose this!
>
>Than= ks,
>Tom
>
>1. <= a href=3D"https://github.com/orf/gping">https://github.com/orf/gping=
Other UNIX-li= ke systems have the same restriction. At $JOB we use Solaris and various= Linux systems. All maintain the same restriction. Other BSDs are the sa= me.I don't think FreeBSD should be an outlier.

<= div>Maybe  setgid bit or a capability to remove the restriction may= be a better solution. But to reduce the timeout to essentially remove i= t is IMO unwise. 

-- 
Cheers,
FreeBSD UN= IX:  <cy@FreeBSD.org>&n= bsp; Web:  https://FreeBSD.org=
NTP:        &= nbsp;            = <cy@nwtime.org>  &n= bsp; Web:  https://nwtime.org

--24f27762460e46539679bef9d11faa60--