[2984] in bugtraq


Re: ping

daemon@ATHENA.MIT.EDU (Brian Mitchell)
Tue Jul 23 14:20:52 1996

Date: 	Tue, 23 Jul 1996 04:47:23 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Brian Mitchell <brian@saturn.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <199607222330.BAA22890@i17linuxb.ists.pwr.wroc.pl>

On Tue, 23 Jul 1996, Marek Michalkiewicz wrote:

> Well, not all systems have snprintf :-(.  (It is in reasonably
> current versions of *BSD and Linux libc, but not on many older
> systems.)

Yeah, I know. Makes life a whole lot easier though, doesn't it :-). Even
in Linux, it isn't documented - I had to nm libc to make sure :).

>
> Anyway, just wondering why the standard version of ping doesn't
> do setuid(getuid()) right after socket(AF_INET, SOCK_RAW, ...).
> No other code should need root privileges.  The version of ping
> supplied with Debian Linux does this, with the added bonus that
> ps shows who is running ping (instead of just showing "root").

It prob didn't bother because ping is so small. You usually think small
programs are safe, and it has not been established that the overflow can
be abused. I thought it could, but I read the code a little too quickly.

>
> While we are at ping bugs: at least some versions allow flooding
> the network using the -l option as ordinary luser (just specify
> a large number of packets to send quickly).  Again, Debian Linux
> doesn't have this problem, but the original ping-5.9 does.

Unfortunately, that doesn't matter. Anyone who wants to can install netcat
and do cat /dev/zero|nc -u host port if they are intent on denial of
service attacks.

Brian Mitchell                                          brian@saturn.net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
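
The setuid(getuid()) pattern discussed in the quoted text, as an added example that is not part of the original post and not taken from any ping source: a set-uid root program opens its raw socket and then gives up root for good before touching user input. The function names drop_privileges and open_icmp_socket_then_drop are hypothetical.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently give up set-uid root privileges. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the uid is dropped the gid can no longer be changed. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the result instead of trusting the return values alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* An unprivileged invoker must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* The one privileged step: open the raw socket, then drop even if it failed. */
int open_icmp_socket_then_drop(int *drop_status)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    *drop_status = drop_privileges();
    return fd;
}

int main(void)
{
    int dropped;
    int fd = open_icmp_socket_then_drop(&dropped);
    if (dropped != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    if (fd < 0) {
        fprintf(stderr, "socket(SOCK_RAW) failed\n");
        return 1;
    }
    /* Option parsing, name lookup and packet handling run as the invoker. */
    printf("fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    close(fd);
    return 0;
}
```

Because the process runs with the real uid after the drop, ps attributes it to the invoking user, as the quoted message notes for the Debian version.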
