Subject: Re: Here's another glibc env. var.
From: David Luyer (david_luyer@pacific.net.au)
Date: Thu May 25 2000 - 06:49:07 CDT


Chris Evans wrote:
> In practice? No, because ping immediately drops all privs apart from its
> raw network socket file descriptor, and even then, has seen extensive
> audit.

And still had bugs discovered, e.g., ways to use an async file descriptor with
its signal set to SIGALRM to initiate a flood ping by generating alarm
signals. Any security bug in ping may cause the ability to watch packets
on the network and generate spoofed packets.

Also, there are many other "ping-like" useful utilities, such as "bing", and
forms of traceroute which use ICMP or GRE and need root access, including
graphical versions. The "network reachability, routing and performance"
utilities are many and varied but rely on probably around a dozen features
which could be provided by a back-end server.

And that server could eliminate the option of firing up a few dozen copies
of ping to flood some poor guy's link.

A single server which could specify what kind of packet to send out, if
the TTL should be set, if the data should be random or not, etc, and enforce
a rate limit per user per destination and so on would be a security
improvement, both from the POV of root compromise and network abuse by shell
users.

David.

-- 
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone:  +61 3 9674 7525
Fax:    +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au        NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------
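A sketch of the policy layer of the "single server" David describes, added here as an example; it is not his code nor any real tool. Unprivileged clients hand in a request (packet kind, destination, TTL, payload size), the privileged side validates it and applies a per-user and a per-user-per-destination token bucket, and only then would it touch the raw socket. The class and function names, the menu of probe types, the limits and the in-memory "sent" list standing in for the raw socket are all assumptions; packet construction itself is deliberately left out.

```python
import ipaddress
import time
from dataclasses import dataclass
from typing import Callable, Optional

ALLOWED_TYPES = {"icmp-echo", "udp", "tcp-syn"}  # assumed menu of probe kinds
MAX_PAYLOAD = 1400                               # assumed payload ceiling, bytes
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass
class ProbeRequest:
    """What an unprivileged client is allowed to ask for (assumed shape)."""
    user: str
    dest: str                  # literal IP; name resolution stays client-side
    ptype: str = "icmp-echo"
    ttl: Optional[int] = None  # None = leave the kernel default
    payload_len: int = 56
    random_payload: bool = False


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate: float, burst: float, now: float) -> None:
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def take(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ProbeServer:
    """Privileged side: validate, rate-limit, and only then emit a probe."""

    def __init__(self, per_dest=(1.0, 5), per_user=(10.0, 20),
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.per_dest, self.per_user, self.clock = per_dest, per_user, clock
        self.dest_buckets: dict[tuple[str, str], TokenBucket] = {}
        self.user_buckets: dict[str, TokenBucket] = {}
        self.sent: list[ProbeRequest] = []  # stand-in for the raw socket

    def validate(self, req: ProbeRequest) -> Optional[str]:
        """Return a refusal reason, or None if the request is acceptable."""
        if req.ptype not in ALLOWED_TYPES:
            return "unsupported probe type"
        try:
            addr = ipaddress.ip_address(req.dest)
        except ValueError:
            return "destination must be a literal IP address"
        # No amplification: never probe multicast, broadcast or the unspecified address.
        if addr.is_multicast or addr.is_unspecified or addr == LIMITED_BROADCAST:
            return "destination not allowed"
        if req.ttl is not None and not 1 <= req.ttl <= 255:
            return "ttl out of range"
        if not 0 <= req.payload_len <= MAX_PAYLOAD:
            return "payload too large"
        return None

    def _bucket(self, table, key, params, now) -> TokenBucket:
        if key not in table:
            table[key] = TokenBucket(params[0], params[1], now)
        return table[key]

    def submit(self, req: ProbeRequest) -> tuple[bool, str]:
        err = self.validate(req)
        if err:
            return False, err
        now = self.clock()
        # Per-user cap first, so spraying many destinations cannot dodge it.
        # A request refused by the per-destination check still cost a user
        # token; that is the conservative choice for an abuse limiter.
        if not self._bucket(self.user_buckets, req.user, self.per_user, now).take(now):
            return False, "per-user rate limit"
        key = (req.user, req.dest)
        if not self._bucket(self.dest_buckets, key, self.per_dest, now).take(now):
            return False, "per-destination rate limit"
        self.send_probe(req)
        return True, "sent"

    def send_probe(self, req: ProbeRequest) -> None:
        # A real server would build the packet here and write it to the raw
        # socket it opened before dropping privileges; recorded instead.
        self.sent.append(req)


if __name__ == "__main__":
    srv = ProbeServer(per_dest=(1.0, 3))
    for _ in range(4):
        print(srv.submit(ProbeRequest(user="alice", dest="192.0.2.1")))
```

The point of the split is that every parameter a client can influence (type, TTL, payload length, destination) is checked against a fixed policy before the privileged code path runs, and the only thing root does is emit a packet that has already passed that policy; the clock is injectable so the limiter can be tested without waiting.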