Date: Mon, 28 Mar 2011 15:04:29 +0100 (BST) From: Iain Hibbert <plunky@rya-online.net> To: Alexander Best <arundel@freebsd.org> Cc: freebsd-bluetooth@freebsd.org Subject: Re: l2ping(8) and -f switch Message-ID: <alpine.NEB.2.00.1103281452520.27263@galant.ukfsn.org> In-Reply-To: <20110328101804.GA39095@freebsd.org> References: <20110328001258.GA70156@freebsd.org> <alpine.NEB.2.00.1103280751410.3331@galant.ukfsn.org> <20110328101804.GA39095@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Mar 2011, Alexander Best wrote: > On Mon Mar 28 11, Iain Hibbert wrote: > > On Mon, 28 Mar 2011, Alexander Best wrote: > > > > > thus i believe making the -f switch only accessable to super-users (in > > > accordance with ping(8)/ping6(8)) would increase security. > > > > what stops the user from recompiling l2ping without this restriction? > > nothing. but what stops him from recompiling ping(8) or ping6(8) without the > restriction? still it's there. AFAIK you need superuser privileges to even send ICMP_ECHO packets, thats why ping is traditionally a suid program and making a new binary won't help normal users.. I'm guessing that l2ping doesn't have the same restrictions? iain
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.NEB.2.00.1103281452520.27263>