Path: utzoo!utgpu!watmath!att!dptg!rutgers!iuvax!cica!tut.cis.ohio-state.edu!bloom-beacon!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Should "ping" be restricted to root??
Message-ID: <26366@news.Think.COM>
Date: 9 Aug 89 20:09:49 GMT
References: <525@focsys.UUCP>
Reply-To: barmar@kulla.UUCP (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 27

In article <525@focsys.UUCP> larry@focsys.UUCP (Larry Williamson) writes:
>On our System V/386 Unix, ping works only if the effective
>user id of ping is root. Is this really necessary?
>As a temporary measure, I've chmod'd ping to run as root.
>Is this a bad idea?

From the source code (which is public domain):

 *	This program has to run SUID to ROOT to access the ICMP socket.

ICMP is connectionless, and reading the ICMP socket gives the caller a
copy of *all* ICMP packets received by the system.  Since it permits
access to packets not necessarily intended for that particular
process, it may only be accessed by root.

It's safe to setuid ping.  It filters out the packets not associated
with the ping, so there is no security problem there.  The only reason
not to would be if you are worried about users wasting net bandwidth
by running lots of pings.  Since there are plenty of other ways to
waste net bandwidth, I wouldn't worry.


Barry Margolin
Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar