Re: ping flooding as normal user

[Daniel Petzen <Daniel.Petzen () EMW ERICSSON SE>]

On Tue, 15 Aug 2000, Bluefish wrote:

> I'm no expert on network coding in the unix environment (or any other
> environment for that sake ;) but I'm wondering how big this issue is. I
> mean, basicly the main problem is that bandwidth per user isn't limited
> (for a number of sites, being able to limit that for ordinary users might
> be interesting - not only to avoid abuse)

  This is an interesting notion and I fully agree that bandwidth limitation
should be considered a basic part of resource management. The problem is the
implementation or rather where the implementation should be done.

> Secondary, why is ping suid? is this needed for sending these IMCP
> packets? If this can be by any user application I really don't think
> there's anything to fix in ping, then it would be a something to patch in
> the kernels, if it is concidered a needed feature.

I think it's like this: To implement ICMP which is at the same level as IP
you'll have to have raw access to the interface. You then have to create a
socket of the type SOCK_RAW. To do this you'll have to be root hence the SetUID
on the ping command.

  /// Daniel Petzén

>
[SNIP]
> ..:::::::::::::::::::::::::::::::::::::::::::::::::..
>      http://www.11a.nu || http://bluefish.11a.nu
>     eleventh alliance development & security team

--
---------------------------------------------------------------
   ___ Petzén     _     __ Mail : daniel.petzen () emw ericsson se
  / _ \___ ____  (_)__ / / Memo : EMW.EMWDPZ
 / // / _ `/ _ \/ / -_) /  Phone: +46 (0)31 7472565
/____/\_,_/_//_/_/\__/_/   Fax  : +46 (0)31 7473771
Ericsson Microwave Systems AB, Bergfotsgatan 2, 431 84 Mölndal
Private: Mail - zuul () lls se Voice: +46 (0)31 217676