Discussion:
Removing or changing the ping interval restriction for non-root users
(too old to reply)
Tom Forbes
2024-03-24 12:57:01 UTC
Permalink
Hello,
I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping?

If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command.

Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this!

Thanks,
Tom

1. https://github.com/orf/gping
2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441
Cy Schubert
2024-03-24 14:48:35 UTC
Permalink
Post by Tom Forbes
Hello,
I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping?
If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command.
Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this!
Thanks,
Tom
1. https://github.com/orf/gping
2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441
Other UNIX-like systems have the same restriction. At $JOB we use Solaris and various Linux systems. All maintain the same restriction. Other BSDs are the same.I don't think FreeBSD should be an outlier.

Maybe setgid bit or a capability to remove the restriction may be a better solution. But to reduce the timeout to essentially remove it is IMO unwise.
--
Cheers,
Cy Schubert <***@cschubert.com>
FreeBSD UNIX: <***@FreeBSD.org> Web: https://FreeBSD.org
NTP: <***@nwtime.org> Web: https://nwtime.org
e^(i*pi)+1=0

Pardon the typos. Small keyboard in use.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Tom Forbes
2024-03-24 15:04:15 UTC
Permalink
I've personally never come across this limitation on any system that I've used, however it is a good point that there are bound to be systems that have the same limitation. After digging a bit more into the history the limitation was added in this commit[1] in 1998 with the explicit intention to "secure options from user-level D.O.S attacks".

A lot of things have changed since 1998, and setting an arbitrary high limit to prevent "ping" and "ping6" from being used to DOS networked devices would be a pretty suspect decision if it was suggested today. I expect a few other distributions have inherited this limit from the original contribution, but to me that doesn't lend a strong argument to keeping it if the underlying reason it exists doesn't make sense anymore _and_ if removing/reducing it is a backwards-compatible, simple and non-invasive change.

Tom
1. https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165
Post by Cy Schubert
Post by Tom Forbes
Hello,
I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping?
If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command.
Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this!
Thanks,
Tom
1. https://github.com/orf/gping
2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441
Other UNIX-like systems have the same restriction. At $JOB we use Solaris and various Linux systems. All maintain the same restriction. Other BSDs are the same.I don't think FreeBSD should be an outlier.
Maybe setgid bit or a capability to remove the restriction may be a better solution. But to reduce the timeout to essentially remove it is IMO unwise.
--
Cheers,
e^(i*pi)+1=0
Pardon the typos. Small keyboard in use.
Lee Brown
2024-03-24 18:20:36 UTC
Permalink
net/fping will allow sub-second intervals:

$ ping -i .1 10.1.1.1
ping: -i interval too short: Operation not permitted

$ fping --interval=1 --vcount=20 --period=50 10.1.1.1
20 lines of result

Better than changing base IMHO (POLA)
Post by Tom Forbes
I've personally never come across this limitation on any system that I've
used, however it is a good point that there are bound to be systems that
have the same limitation. After digging a bit more into the history the
limitation was added in this commit[1] in 1998 with the explicit intention
to "secure options from user-level D.O.S attacks".
A lot of things have changed since 1998, and setting an arbitrary high
limit to prevent "ping" and "ping6" from being used to DOS networked
devices would be a pretty suspect decision if it was suggested today. I
expect a few other distributions have inherited this limit from the
original contribution, but to me that doesn't lend a strong argument to
keeping it if the underlying reason it exists doesn't make sense anymore
_and_ if removing/reducing it is a backwards-compatible, simple and
non-invasive change.
Tom
1.
https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165
Post by Tom Forbes
Hello,
I maintain a small project called gping[1] that recently added support
for FreeBSD. One of the issues I ran into with running this on FreeBSD was
that the `ping` command seems to disallow intervals of less than 1 second
if you are not running as root[2]. This check was last touched 23 years ago
and I'm curious as to why this restriction exists? I assume it's from an
earlier time in the internets history, and perhaps is related to potential
misuse of the command to flood targets with packets via ping?
Post by Tom Forbes
If it is then I'd like to suggest that this limitation be removed or is
reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't
a viable attack today, and the 1 second limitation seems like it would get
in the way of useful uses of the ping command.
Post by Tom Forbes
Also this is my first post to any *BSD mailing list, so please let me
know if this is not the right place to ask this question or propose this!
Post by Tom Forbes
Thanks,
Tom
1. https://github.com/orf/gping
2.
https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441
Other UNIX-like systems have the same restriction. At $JOB we use Solaris
and various Linux systems. All maintain the same restriction. Other BSDs
are the same.I don't think FreeBSD should be an outlier.
Maybe setgid bit or a capability to remove the restriction may be a
better solution. But to reduce the timeout to essentially remove it is IMO
unwise.
--
Cheers,
e^(i*pi)+1=0
Pardon the typos. Small keyboard in use.
Rodney W. Grimes
2024-03-25 01:10:01 UTC
Permalink
Post by Tom Forbes
I've personally never come across this limitation on any system that I've used, however it is a good point that there are bound to be systems that have the same limitation. After digging a bit more into the history the limitation was added in this commit[1] in 1998 with the explicit intention to "secure options from user-level D.O.S attacks".
A lot of things have changed since 1998, and setting an arbitrary high limit to prevent "ping" and "ping6" from being used to DOS networked devices would be a pretty suspect decision if it was suggested today. I expect a few other distributions have inherited this limit from the original contribution, but to me that doesn't lend a strong argument to keeping it if the underlying reason it exists doesn't make sense anymore _and_ if removing/reducing it is a backwards-compatible, simple and non-invasive change.
IIRC the history on this is a bit more complex, originally only an interger value
of interval was allowed, and hince the lower limit WAS 1 second, then fractional
intervals got added. Flood pinging (-f) has always been restricted to root.

A debian bookworm ping(1) has minimal interval of 200mS per the manual page,
so I would say there are other major systems showing that a restriciton
on ping rates is a reasonable situation.
Post by Tom Forbes
Tom
1. https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165
Post by Cy Schubert
Post by Tom Forbes
Hello,
I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping?
What other systems have you tried gping on that does NOT have your "issue?"
Post by Tom Forbes
Post by Cy Schubert
Post by Tom Forbes
If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command.
I can not agree with your 0.1 second limit, I could probably be convinced the lower limit of 200mS though.
Post by Tom Forbes
Post by Cy Schubert
Post by Tom Forbes
Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this!
Thanks,
Tom
1. https://github.com/orf/gping
2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441
Other UNIX-like systems have the same restriction. At $JOB we use Solaris and various Linux systems. All maintain the same restriction. Other BSDs are the same.I don't think FreeBSD should be an outlier.
Maybe setgid bit or a capability to remove the restriction may be a better solution. But to reduce the timeout to essentially remove it is IMO unwise.
I concur.
Post by Tom Forbes
Post by Cy Schubert
--
--
Rod Grimes ***@freebsd.org


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...