Path: utzoo!utgpu!watmath!att!dptg!rutgers!iuvax!cica!tut.cis.ohio-state.edu!bloom-beacon!think!barmar From: barmar@think.COM (Barry Margolin) Newsgroups: comp.protocols.tcp-ip Subject: Re: Should "ping" be restricted to root?? Message-ID: <26366@news.Think.COM> Date: 9 Aug 89 20:09:49 GMT References: <525@focsys.UUCP> Reply-To: barmar@kulla.UUCP (Barry Margolin) Organization: Thinking Machines Corporation, Cambridge MA, USA Lines: 27 In article <525@focsys.UUCP> larry@focsys.UUCP (Larry Williamson) writes: >On our System V/386 Unix, ping works only if the effective >user id of ping is root. Is this really necessary? >As a temporary measure, I've chmod'd ping to run as root. >Is this a bad idea? From the source code (which is public domain): * This program has to run SUID to ROOT to access the ICMP socket. ICMP is connectionless, and reading the ICMP socket gives the caller a copy of *all* ICMP packets received by the system. Since it permits access to packets not necessarily intended for that particular process, it may only be accessed by root. It's safe to setuid ping. It filters out the packets not associated with the ping, so there is no security problem there. The only reason not to would be if you are worried about users wasting net bandwidth by running lots of pings. Since there are plenty of other ways to waste net bandwidth, I wouldn't worry. Barry Margolin Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar