Date: Mon, 28 Mar 2011 00:12:58 +0000 From: Alexander Best <arundel@freebsd.org> To: freebsd-bluetooth@freebsd.org Subject: l2ping(8) and -f switch Message-ID: <20110328001258.GA70156@freebsd.org>
next in thread | raw e-mail | index | archive | help
--Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi there, i've just noticed the -f switch to l2ping(8) doesn't require super-user privileges. wouldn't this allow a regular user to flood any bluetooth device with massive ping requests? thus i believe making the -f switch only accessable to super-users (in accordance with ping(8)/ping6(8)) would increase security. i've attached a patch which implements this functionality in addition to some other minor corrections to the l2ping(8) C source and man page. cheers. alex -- a13x --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="l2ping.diff" diff --git a/usr.sbin/bluetooth/l2ping/l2ping.8 b/usr.sbin/bluetooth/l2ping/l2ping.8 index 477f4ec..1b1d30b 100644 --- a/usr.sbin/bluetooth/l2ping/l2ping.8 +++ b/usr.sbin/bluetooth/l2ping/l2ping.8 @@ -25,7 +25,7 @@ .\" $Id: l2ping.8,v 1.3 2003/05/21 01:00:19 max Exp $ .\" $FreeBSD$ .\" -.Dd June 14, 2002 +.Dd March 28, 2011 .Dt L2PING 8 .Os .Sh NAME @@ -36,7 +36,7 @@ .Op Fl fhn .Fl a Ar remote .Op Fl c Ar count -.Op Fl i Ar delay +.Op Fl i Ar wait .Op Fl S Ar source .Op Fl s Ar size .Sh DESCRIPTION @@ -65,6 +65,7 @@ will operate until interrupted. .It Fl f .Dq Flood ping, i.e., no delay between packets. +Only the super-user may use this option. .It Fl h Display usage message and exit. .It Fl i Ar wait @@ -109,7 +110,7 @@ Some implementations may not like large sizes and may hang or even crash. .Xr ng_l2cap 4 , .Xr l2control 8 .Sh AUTHORS -.An Maksim Yevmenkin Aq m_evmenkin@yahoo.com +.An Maksim Yevmenkin Aq emax@FreeBSD.org .Sh BUGS Could collect more statistic. Could check for duplicated, corrupted and lost packets. diff --git a/usr.sbin/bluetooth/l2ping/l2ping.c b/usr.sbin/bluetooth/l2ping/l2ping.c index d7e1b1e..2978afd 100644 --- a/usr.sbin/bluetooth/l2ping/l2ping.c +++ b/usr.sbin/bluetooth/l2ping/l2ping.c @@ -31,6 +31,7 @@ #include <sys/ioctl.h> #include <sys/time.h> +#include <sys/types.h> #include <arpa/inet.h> #include <netinet/in.h> #include <assert.h> @@ -106,6 +107,8 @@ main(int argc, char *argv[]) break; case 'f': + if (getuid()) + errx(1, "Must be superuser to flood ping"); flood = 1; break; @@ -272,8 +275,8 @@ tv2msec(struct timeval const *tvp) static void usage(void) { - fprintf(stderr, "Usage: l2ping -a bd_addr " \ - "[-S bd_addr -c count -i wait -n -s size -h]\n"); + fprintf(stderr, "Usage: l2ping [-fhn] -a remote " \ + "[-c count] [-i wait] [-S source] [-s size]\n"); fprintf(stderr, "Where:\n"); fprintf(stderr, " -a remote Specify remote device to ping\n"); fprintf(stderr, " -c count Number of packets to send\n"); --Qxx1br4bt0+wmkIi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110328001258.GA70156>