Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!purdue!ames!sgi!vjs@rhyolite.wpd.sgi.com From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver) Newsgroups: comp.protocols.tcp-ip Subject: Re: Should "ping" be restricted to root?? Summary: yeah, but watch out for teflon smoke Message-ID: <39888@sgi.SGI.COM> Date: 10 Aug 89 02:25:14 GMT References: <525@focsys.UUCP> <26366@news.Think.COM> Sender: daemon@sgi.SGI.COM Organization: Silicon Graphics, Inc., Mountain View, CA Lines: 22 In article <26366@news.Think.COM>, barmar@think.COM (Barry Margolin) writes: > > It's safe to setuid ping. ... I wouldn't worry. > > Barry Margolin > Thinking Machines Corp. > barmar@think.com > {uunet,harvard}!think!barmar While on balance ping seems too useful to restrict, it is only fair to mention that `ping -f` is a handy way to melt the wire. If a bad guy does not have a ping with -f, then `repeat 100 eval "ping > /dev/null &"` is as good. Unless you've changed things to not respond to ICMP echo requests to broadcast addresses. Vernon Schryver Silicon Graphics vjs@sgi.com