On Wed, Aug 13, 2003 at 10:01:03PM +1000, Andy Farkas typed: > Mark wrote: > > > I am just not very fond of the idea of local users starting ICMP wars over > > the net, using my server :) I have already had an instance where a web-user > > did an excessive ping attack on one of his buddies. And, naturally, I want > > to prevent that. The chmod u-s idea mentioned here, was a good idea. Except > > that, prefereably, I'd like all of wheel to have access, and the rest not. > > And that may be harder to implement. > > If your users play up, put your BOFH hat on and lart them. > > chmod'ing /sbin/ping is useless - users can compile their own version of > ping. They can compile all they want, but they can't make the command suid root, which is required for ping to work.
[EMAIL PROTECTED]:/home/ruben> cp /sbin/ping . [EMAIL PROTECTED]:/home/ruben> ./ping localhost ping: socket: Operation not permitted So I would say taking away the s bit (or the execute bit for others) can be very usefull. -Ruben > Make your users aware that abusing ping (and other net resources) will get > them kicked and banned from your system. > > -- > > :{ [EMAIL PROTECTED] > > Andy Farkas > System Administrator > Speednet Communications > http://www.speednet.com.au/ > > > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"