Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!ucsd!hub.ucsb.edu!spectrum.CMC.COM!lars From: lars@spectrum.CMC.COM (Lars Poulsen) Newsgroups: comp.protocols.tcp-ip Subject: Re: Wollongong TCP/IP ping question, VMS Keywords: Wollongong WIN/VMS PING SYSPRV Message-ID: <1990Jul10.172440.15458@spectrum.CMC.COM> Date: 10 Jul 90 17:24:40 GMT References: <2509@nems.dt.navy.mil> <1990Jul9.210637.4761@Solbourne.COM> <2521@nems.dt.navy.mil> Organization: Rockwell CMC Lines: 39 In article <2521@nems.dt.navy.mil> lumsdon@dtoa1.dt.navy.mil (Esther Lumsdon) writes: > [PING requires SYSPRV] >Is it safe to install PING with SYSPRV privilege? >Will it compromise my system security? A matter of definition :-) :-) If you install PING with privilege, anybody can use PING. This is useful, but do you want them to ? (I.e. you may not want to pay for that essentially useless traffic). (But pings from OTHER sites are probably more disruptive than outgoing pings). >Does Wollongong's PING do anything other than sending ping at target? You mean, are there trojan horses in commercial code ? Of course you should be suspicious of anything for which you don't receive source code. If you are REALLY worried, you could write your own PING instead of using TWG's. >Is Wollongong's PING code written such that it uses SYSPRV carefully? Why would you be more suspicious of PING than of say the FTP daemon ? The reason PING requires privilege, is that it connects to a "raw" socket; i.e. it interfaces at a level of the network package where you can send *anything you like*. To prevent user programs from forging authentic looking datagrams that pretend to be from somewhere else, the network kernel has been made to insist that only privileged programs do these things. >I'll call Wollongong and ask these questions, and >post answers to the net in a week or so. > >-------------------------- Esther Lumsdon -------------------------------- >lumsdon@dtoa1.dt.navy.mil lumsdon@dtrc.dt.navy.mil >lumsdon%dtrc.navy.mil@uunet.uu.net >"Wherever you go, there you are" -Buckaroo Bonzai -- / Lars Poulsen, SMTS Software Engineer CMC Rockwell lars@CMC.COM