Bugtraq mailing list archives
Re: ping
From: brian () saturn net (Brian Mitchell)
Date: Tue, 23 Jul 1996 04:47:23 -0400
On Tue, 23 Jul 1996, Marek Michalkiewicz wrote:
> Well, not all systems have snprintf :-(. (It is in reasonably current versions of *BSD and Linux libc, but not on many older systems.)
Yeah, I know. Makes life a whole lot easier though, doesn't it :-). Even in Linux, it isn't documented - I had to nm libc to make sure :).
> Anyway, just wondering why the standard version of ping doesn't do setuid(getuid()) right after socket(AF_INET, SOCK_RAW, ...). No other code should need root privileges. The version of ping supplied with Debian Linux does this, with the added bonus that ps shows who is running ping (instead of just showing "root").
It probably didn't bother because ping is so small. You usually think small programs are safe, and it has not been established that the overflow can be abused. I thought it could, but I read the code a little too quickly.
> While we are at ping bugs: at least some versions allow flooding the network using the -l option as ordinary luser (just specify a large number of packets to send quickly). Again, Debian Linux doesn't have this problem, but the original ping-5.9 does.
Unfortunately, that doesn't matter. Anyone who wants to can install netcat and do cat /dev/zero|nc -u host port if they are intent on denial of service attacks.
Brian Mitchell brian () saturn net
"I never give them hell. I just tell the truth and they think it's hell" - H. Truman