On Aug 22, 2005, at 12:33 PM, Jason Gurtz wrote:

> Certainly raw sockets would be a huge risk, but I don't see how echo_reply
> at a 1 per second rate or something is a problem.

Except you'd have to add a kernel interface just to send ICMP echo requests, along with whatever options you want to allow non-root users to specify. IMHO that is at least as crazy as a setuid program with the same purpose.

Even a general interface to send ICMP packets is much too dangerous -- send out a few HOST UNREACHABLEs with the local router's address and you'll knock the whole subnet offline. That's one of the reasons there's not an interface to create ICMP packets in the first place, for root or anyone else.

    Zach

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
