On 11/30/2022 5:38 PM, Brooks Davis wrote:
> It's probably also worth considering it as a local privilege escalation
> attack.  The attacker will need to control a ping server, but it's often
> the case that enough ICMP traffic is allowed out for that to work and in
> that case they have unlimited tries to defeat any statistical mitigations
> (unless the admin spots all the ping crashes).


My concern is the "evil server in the middle" ... Things like route hijacking are not that uncommon. I have a number of IoT devices out there I will need to patch, some still based on RELENG_11.  The patch doesn't apply cleanly, but looking at the source code, there are a bunch of spots where

#ifdef IP_OPTIONS

If I put on the top of sbin/ping.c

#undef IP_OPTIONS

will the code that is problematic get compiled out and avoid the issue?

ping.c:#ifdef IP_OPTIONS
ping.c:#ifdef IP_OPTIONS
ping.c:         if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace,
ping.c:                 err(EX_OSERR, "setsockopt IP_OPTIONS");
ping.c:#endif /* IP_OPTIONS */


For now, I would rather push a patched ping which I can do quickly to a few hundred devices

    ---Mike
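A check worth doing before shipping such a build. The following is an added example written for this thread, not code from ping.c or from either poster: it shows that a `#undef IP_OPTIONS` placed at the very top of a file is undone as soon as `<netinet/in.h>` is included, because that header defines IP_OPTIONS again, while a `#undef` placed after the includes does compile the guarded block out. The `set_record_route_*` functions mirror the guarded `setsockopt(..., IPPROTO_IP, IP_OPTIONS, ...)` block from the grep output above; the record-route option bytes and the function names are constructed for the example, and the file descriptor -1 is used so that a compiled-in `setsockopt` fails harmlessly with EBADF instead of touching a real socket.

```c
/* Added example: where a #undef must sit to compile out #ifdef IP_OPTIONS blocks.
 * Constructed for illustration; not code from ping.c or from the original thread. */
#undef IP_OPTIONS            /* 1. #undef at the very top, before any #include */

#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>      /* setsockopt(), socklen_t */
#include <netinet/in.h>      /* defines IP_OPTIONS (and IPPROTO_IP) again, after the #undef above */

/* Constructed record-route option buffer in the shape ping passes to setsockopt:
 * option type 7 (record route), option length 39, pointer 4, rest zero. */
static const unsigned char record_route_opt[40] = { 7, 39, 4 };

/* Probe: is IP_OPTIONS still visible after the system headers were included? */
int ip_options_visible_after_includes(void)
{
#ifdef IP_OPTIONS
    return 1;
#else
    return 0;
#endif
}

/* Mirror of the guarded block in the grep output, compiled while the header's
 * definition is in effect.  Return values: 1 = setsockopt succeeded,
 * -1 = setsockopt failed (so the call was compiled in), 0 = compiled out. */
int set_record_route_top_undef(int sock)
{
#ifdef IP_OPTIONS
    if (setsockopt(sock, IPPROTO_IP, IP_OPTIONS, record_route_opt,
                   (socklen_t)sizeof record_route_opt) < 0)
        return -1;
    return 1;
#else
    (void)sock;
    return 0;
#endif
}

#undef IP_OPTIONS            /* 2. #undef placed after the #includes */

/* Probe again: after the late #undef the macro is gone for the rest of the file. */
int ip_options_visible_after_late_undef(void)
{
#ifdef IP_OPTIONS
    return 1;
#else
    return 0;
#endif
}

/* Same guarded block again, now after the late #undef: the #ifdef branch is gone. */
int set_record_route_late_undef(int sock)
{
#ifdef IP_OPTIONS
    if (setsockopt(sock, IPPROTO_IP, IP_OPTIONS, record_route_opt,
                   (socklen_t)sizeof record_route_opt) < 0)
        return -1;
    return 1;
#else
    (void)sock;
    return 0;
#endif
}

int main(void)
{
    /* -1 is an invalid descriptor, so a compiled-in setsockopt fails with EBADF
     * without touching any real socket. */
    printf("visible after includes:   %d\n", ip_options_visible_after_includes());
    printf("top-of-file #undef path:  %d\n", set_record_route_top_undef(-1));
    printf("visible after late undef: %d\n", ip_options_visible_after_late_undef());
    printf("late #undef path:         %d\n", set_record_route_late_undef(-1));
    return 0;
}
```

The same check applies to the real file: run the preprocessor over sbin/ping.c with the build's normal flags (`cc -E`) and grep the output for the `setsockopt` call with IP_OPTIONS; if it is still there, the `#undef` sits before the header that defines the macro. Note also that the grep output above shows the guarded code to be the `setsockopt` call on the sending socket, so whether compiling it out removes the code the advisory patch actually changes is something to confirm against that patch rather than assume.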

