On Tue, 25 Apr 2000, Benjamin Scott <[EMAIL PROTECTED]> wrote:
>
...
> Well, I guess I got my question answered!
>
> I'll follow that up by saying: Why the heck isn't there a safe interface to
> ICMP, so ping doesn't have to be SUID root? :-)
If I've got the acronym right ICMP is: internet control message protocol.
If any user on a Unix system could send out any sort of ICMP requests,
he could throttle/kill/reject/etc a connection that another user (on the
same machine) was making. Hence root permission is needed in general to
protect user's.
Evidently ECHO_REQUEST (when not in flood -f mode!) is OK for users to
use (i.e. not abuse), hence the suid ping program to allow this sort of
activity. Have a look at /usr/include/linux/icmp.h to get a flavor of
the ICMP_* actions.
Of course on a Windows box everybody is root, so one can any nasty thing
they please because it is basically a single-user model.
Karl Runge
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
