Date: Sun, 24 Mar 2024 15:04:15 +0000 From: "Tom Forbes" <tom@tomforb.es> To: "Cy Schubert" <Cy.Schubert@cschubert.com>, freebsd-hackers@freebsd.org Subject: Re: Removing or changing the ping interval restriction for non-root users Message-ID: <4f8b035c-b2cc-4606-a691-f1d86827282b@app.fastmail.com> In-Reply-To: <2D5DD001-DD98-4A8E-9458-6754E6D977EE@cschubert.com> References: <954e1d80-d44f-4c3d-88a7-122dc0f25de4@app.fastmail.com> <2D5DD001-DD98-4A8E-9458-6754E6D977EE@cschubert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--24f27762460e46539679bef9d11faa60 Content-Type: text/plain I've personally never come across this limitation on any system that I've used, however it is a good point that there are bound to be systems that have the same limitation. After digging a bit more into the history the limitation was added in this commit[1] in 1998 with the explicit intention to "secure options from user-level D.O.S attacks". A lot of things have changed since 1998, and setting an arbitrary high limit to prevent "ping" and "ping6" from being used to DOS networked devices would be a pretty suspect decision if it was suggested today. I expect a few other distributions have inherited this limit from the original contribution, but to me that doesn't lend a strong argument to keeping it if the underlying reason it exists doesn't make sense anymore _and_ if removing/reducing it is a backwards-compatible, simple and non-invasive change. Tom 1. https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165 On Sun, 24 Mar 2024, at 2:48 PM, Cy Schubert wrote: > On March 24, 2024 5:57:01 AM PDT, Tom Forbes <tom@tomforb.es> wrote: > >Hello, > >I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping? > > > >If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command. > > > >Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this! > > > >Thanks, > >Tom > > > >1. https://github.com/orf/gping > >2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441 > Other UNIX-like systems have the same restriction. At $JOB we use Solaris and various Linux systems. All maintain the same restriction. Other BSDs are the same.I don't think FreeBSD should be an outlier. > > Maybe setgid bit or a capability to remove the restriction may be a better solution. But to reduce the timeout to essentially remove it is IMO unwise. > > -- > Cheers, > Cy Schubert <Cy.Schubert@cschubert.com> > FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org > NTP: <cy@nwtime.org> Web: https://nwtime.org > e^(i*pi)+1=0 > > Pardon the typos. Small keyboard in use. > --24f27762460e46539679bef9d11faa60 Content-Type: text/html Content-Transfer-Encoding: quoted-printable <!DOCTYPE html><html><head><title></title><style type=3D"text/css">p.Mso= Normal,p.MsoNoSpacing{margin:0}</style></head><body><div>I've personally= never come across this limitation on any system that I've used, however= it is a good point that there are bound to be systems that have the sam= e limitation. After digging a bit more into the history the limitation w= as added in this commit[1] in 1998 with the explicit intention to "secur= e options from user-level D.O.S attacks".<br></div><div><br></div><div>A= lot of things have changed since 1998, and setting an arbitrary high li= mit to prevent "ping" and "ping6" from being used to DOS networked devic= es would be a pretty suspect decision if it was suggested today. I expec= t a few other distributions have inherited this limit from the original = contribution, but to me that doesn't lend a strong argument to keeping i= t if the underlying reason it exists doesn't make sense anymore _and_ if= removing/reducing it is a backwards-compatible, simple and non-invasive= change.<br></div><div><br></div><div>Tom<br></div><ol><li><a href=3D"ht= tps://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60= 242c08771165">https://github.com/freebsd/freebsd-src/commit/526f06b278d9= 252add168aa18b60242c08771165</a><br></li></ol><div><br></div><div>On Sun= , 24 Mar 2024, at 2:48 PM, Cy Schubert wrote:<br></div><blockquote type=3D= "cite" id=3D"qt" style=3D""><div>On March 24, 2024 5:57:01 AM PDT, Tom F= orbes <<a href=3D"mailto:tom@tomforb.es">tom@tomforb.es</a>> wrote= :<br></div><div>>Hello,<br></div><div>>I maintain a small project = called gping[1] that recently added support for FreeBSD. One of the issu= es I ran into with running this on FreeBSD was that the `ping` command s= eems to disallow intervals of less than 1 second if you are not running = as root[2]. This check was last touched 23 years ago and I'm curious as = to why this restriction exists? I assume it's from an earlier time in th= e internets history, and perhaps is related to potential misuse of the c= ommand to flood targets with packets via ping?<br></div><div>><br></d= iv><div>>If it is then I'd like to suggest that this limitation be re= moved or is reduced to `0.1` seconds instead? Using `ping` for this kind= of thing isn't a viable attack today, and the 1 second limitation seems= like it would get in the way of useful uses of the ping command.<br></d= iv><div>><br></div><div>>Also this is my first post to any *BSD ma= iling list, so please let me know if this is not the right place to ask = this question or propose this!<br></div><div>><br></div><div>>Than= ks,<br></div><div>>Tom<br></div><div>><br></div><div>>1. <= a href=3D"https://github.com/orf/gping">https://github.com/orf/gping</a>= <br></div><div>>2. <a href=3D"https://github.com/freebsd/freebsd= -src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L4= 41">https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee72282474= 66c8c1712de6e3b6f/sbin/ping/ping6.c#L441</a><br></div><div>Other UNIX-li= ke systems have the same restriction. At $JOB we use Solaris and various= Linux systems. All maintain the same restriction. Other BSDs are the sa= me.I don't think FreeBSD should be an outlier.<br></div><div><br></div><= div>Maybe setgid bit or a capability to remove the restriction may= be a better solution. But to reduce the timeout to essentially remove i= t is IMO unwise. <br></div><div><br></div><div>-- <br></div><d= iv>Cheers,<br></div><div>Cy Schubert <<a href=3D"mailto:Cy.Schubert@c= schubert.com">Cy.Schubert@cschubert.com</a>><br></div><div>FreeBSD UN= IX: <<a href=3D"mailto:cy@FreeBSD.org">cy@FreeBSD.org</a>>&n= bsp; Web: <a href=3D"https://FreeBSD.org">https://FreeBSD.org= </a><br></div><div>NTP: &= nbsp; = <<a href=3D"mailto:cy@nwtime.org">cy@nwtime.org</a>> &n= bsp; Web: <a href=3D"https://nwtime.org">https://nwtime.org</= a><br></div><div> &= nbsp; &= nbsp; &= nbsp; &= nbsp; e^(i*pi)+1=3D0<br></div><div><br></d= iv><div>Pardon the typos. Small keyboard in use.<br></div><div><br></div= ></blockquote><div><br></div></body></html> --24f27762460e46539679bef9d11faa60--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4f8b035c-b2cc-4606-a691-f1d86827282b>