Jason Gurtz wrote:
> On 8/22/2005 12:39, Bryan Kadzban wrote:
>
>> On Mon, Aug 22, 2005 at 12:03:49PM -0400, Jason Gurtz wrote:
>>
>>> That's crazy. Normal pings shouldn't require root.
>>
>> IIRC, the standard kernel socket interface simply has no way to send any
>> kind of ICMP packet (echo-request included). Therefore, you need to
>> open a raw socket, and write the headers yourself.
>
> Hmm, still think it's crazy. Maybe that's a missing feature in the
> kernel? Somehow I think that'll never see the light of day.
>
> I looked and my ping is setuid.
>
> -rwsr-xr-x 1 root root 15876 Sep 4 2001 /bin/ping*

I think it would be a much greater security problem if sending icmp or
opening raw sockets by non-root users was allowed. Controlling access
through a well audited executable with suid privs is a much more secure
alternative.

-- Bruce
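
Added example, not part of the thread and not code from any ping implementation: the pattern the messages above describe, in C. A setuid helper opens the raw ICMP socket, gives up root immediately, and builds the echo-request header and checksum itself. It assumes Linux; the function names are hypothetical.

```c
/* Added example (not from the thread); all function names are illustrative. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* RFC 1071 Internet checksum over len bytes, read as big-endian 16-bit words. */
uint16_t icmp_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;      /* odd trailing byte, zero-padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);    /* fold carries back in */
    return (uint16_t)~sum;
}

/* Build an ICMP echo-request (type 8, code 0); returns its length, 0 if it won't fit. */
size_t build_echo_request(uint8_t *out, size_t cap, uint16_t id, uint16_t seq,
                          const void *data, size_t dlen)
{
    if (cap < 8 || dlen > cap - 8) return 0;
    memset(out, 0, 8);                         /* checksum field is zero while summing */
    out[0] = 8;
    out[4] = (uint8_t)(id >> 8);  out[5] = (uint8_t)id;
    out[6] = (uint8_t)(seq >> 8); out[7] = (uint8_t)seq;
    if (dlen) memcpy(out + 8, data, dlen);
    uint16_t ck = icmp_checksum(out, 8 + dlen);
    out[2] = (uint8_t)(ck >> 8);  out[3] = (uint8_t)ck;
    return 8 + dlen;
}

/* Do the one privileged operation first, then drop the setuid privilege for
 * good, so later parsing and I/O run as the invoking user. Returns fd or -1. */
int open_icmp_and_drop_privs(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);  /* refused without privilege */
    if (setuid(getuid()) != 0) { if (fd >= 0) close(fd); return -1; }
    return fd;
}

int main(void)
{
    uint8_t pkt[64];
    int fd = open_icmp_and_drop_privs();
    size_t n = build_echo_request(pkt, sizeof pkt, 0x1234, 1, "abc", 3);
    printf("raw socket %s, %zu-byte packet, euid %d\n",
           fd >= 0 ? "opened" : "refused", n, (int)geteuid());
    return 0;
}
```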