Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!purdue!ames!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Should "ping" be restricted to root??
Summary: yeah, but watch out for teflon smoke
Message-ID: <39888@sgi.SGI.COM>
Date: 10 Aug 89 02:25:14 GMT
References: <525@focsys.UUCP> <26366@news.Think.COM>
Sender: daemon@sgi.SGI.COM
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 22

In article <26366@news.Think.COM>, barmar@think.COM (Barry Margolin) writes:
> 
> It's safe to setuid ping. ... I wouldn't worry.
> 
> Barry Margolin
> Thinking Machines Corp.
> barmar@think.com
> {uunet,harvard}!think!barmar


While on balance ping seems too useful to restrict, it is only fair to
mention that `ping -f ` is a handy way to melt the wire.  If a
bad guy does not have a ping with -f, then
`repeat 100 eval "ping  > /dev/null &"` is as good.

Unless you've changed things to not respond to ICMP echo requests to
broadcast addresses.


Vernon Schryver
Silicon Graphics
vjs@sgi.com