Re: pingflood.c

[solar () FALSE COM (Solar Designer)]

Hello,

>    Pingflood simply sends a lot of SIGALRM signals to the ping process.
> It can
>    do this because the ping process is owned by the user.

Here's a fix I just did, for ping from Linux's NetKit 0.09 -- nothing
complicated, I'm posting it just to save some BugTraq readers a minute.

Note: I'm doing it this weird way since just doing a setuid() would also
make it impossible for users to kill their ping processes (with SIGTERM).

--- ping.c.orig Sun Dec 29 19:13:01 1996
+++ ping.c      Mon May 18 14:09:03 1998
@@ -64,6 +64,7 @@
 #include <sys/socket.h>
 #include <sys/file.h>
 #include <sys/time.h>
+#include <sys/times.h>
 #include <sys/signal.h>

 #include <netinet/in.h>
@@ -270,6 +271,11 @@
                        options |= F_SO_DONTROUTE;
                        break;
                case 's':               /* size of packet to send */
+                       if (!am_i_root) {
+                               (void)fprintf(stderr,
+                                   "ping: %s\n", strerror(EPERM));
+                               exit(2);
+                       }
                        datalen = atoi(optarg);
                        if (datalen > MAXPACKET) {
                                (void)fprintf(stderr,
@@ -488,12 +494,22 @@
  * quality of the delay and loss statistics.
  */
 static void
-catcher(int ignore)
+catcher(int signum)
 {
+       struct tms buf;
+       clock_t current;
+       static clock_t last = 0;
        int waittime;

-       (void)ignore;
-       pinger();
+       if (signum) {
+               current = times(&buf);
+               if (current - last >= CLK_TCK - 1 || current < last) {
+                       last = current;
+                       pinger();
+               }
+       } else
+               pinger();
+
        (void)signal(SIGALRM, catcher);
        if (!npackets || ntransmitted < npackets)
                alarm((u_int)interval);

Signed,
Solar Designer