oss-sec mailing list archives

Re: xscreensaver package caps gets raw socket

From: Eli Schwartz <eschwartz () archlinux org>
Date: Mon, 19 Apr 2021 14:31:30 -0400

On 4/19/21 2:15 PM, Ariadne Conill wrote:

Hello,

On Mon, 19 Apr 2021, David A. Wheeler wrote:

On Apr 18, 2021, at 8:25 AM, Simon McVittie <smcv () debian org> wrote:
Scraping is undesirable, but sometimes needed. If this is a common
need, a
long-term solution might be to create an option on ping to generate
a standard
format that’s easier to machine-parse.


On Apr 19, 2021, at 1:35 PM, Ariadne Conill
<ariadne () dereferenced org> wrote:
This already exists as fping(1), for example:


The problem for application developers is that “ping” exists
practically everywhere,
while fping does not.


Absolutely true, but fping is packaged in most Linux distributions, as
well as all of the BSDs, due to its use by various network monitoring
programs such as smokeping and nagios, so it seems like a reasonable
dependency for cases like these.

IMO, it's better that programs declare something like fping as a
dependency, so that we don't have to deal with yet another program years
from now having elevated privileges and being abused to run tcpdump... :)

Seriously, if anyone on this list ever finds themselves writing a
program where they need to fire off some pings, instead of making their
program SUID or granting it cap_net_raw, just use fping instead.  At the
very least, you'll be happier because you don't have to write your own
ping code, and the distribution maintainers of the world will be happier
because you *didn't* write your own ping code.



Also fping is the standard fping, but there is no standard ping so one
would need to coordinate adding the option to a number of different
descendant forks of 4.3BSD ping, before it could be reliably used.

If the answer to your question is ever "for X number of independent
implementations of Y, add the same new feature to all of them", then the
problem will not be coming up with wonderful ideas to solve problems --
the problem will be getting people to implement those wonderful ideas.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Current thread:

xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Érico Nogueira (Apr 18)
  - Re: xscreensaver package caps gets raw socket Solar Designer (Apr 18)
  - Re: xscreensaver package caps gets raw socket Alan Coopersmith (Apr 18)
- Re: xscreensaver package caps gets raw socket Simon McVittie (Apr 18)
  - Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
    - Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
    - Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
    - Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
    - Re: xscreensaver package caps gets raw socket Eli Schwartz (Apr 19)
    - Re: xscreensaver package caps gets raw socket Stuart Henderson (Apr 19)
- Re: xscreensaver package caps gets raw socket Solar Designer (Apr 19)
- Re: xscreensaver package caps gets raw socket Salvatore Bonaccorso (Apr 21)