bug-inetutils

[bug-inetutils] On subprivileged ping and traceroute.


From: Mats Erik Andersson
Subject: [bug-inetutils] On subprivileged ping and traceroute.
Date: Wed, 17 Feb 2016 14:08:58 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

Hello all,

I will, as an exceptional event, talk about a GNU/Linux-only matter.
The two most recent commits of mine implemented the ability of ping
and traceroute to use ICMP packets sent from datagram sockets. This
is an ability peculiar to the Linux kernel, with sizeable drawbacks.

First off, these subprivileged use cases presuppose that the MIB

  net.ipv6.ping_group_range='1 0'

is changed to another range including the intended set of users.
Since root is not included in the default range, thus is not able
to use this socket work around, the technique makes sense as a fall
back technique only.

Secondly, a user included in the selected group range is, by courtesy
of the kernel, only able to receive packets of types 'echo request'
and 'echo reply'. Thus messages like 'time to live exceeded' and
'host unreachable' are never recognized by the application. As a result
neither ping, nor traceroute, are disclosing all the useful information
that the suid-installed applications would deliver.

  $ ping -c1 --ttl=5   a.b.c.d
  PING a.b.c.d (a.b.c.d): 56 data bytes
  --- a.b.c.d ping statistics ---
  1 packet transmitted, 0 packet received, 100% packet loss

  $ sudo ping -c1 --ttl=6   a.b.c.d
  PING a.b.c.d (a.b.c.d): 56 data bytes
  64 bytes from a.b.c.d: icmp_seq=0 ttl=179 time=5,863 ms
  --- a.b.c.d ping statistics ---
  1 packet transmitted, 1 packet received, 0% packet loss


  $ traceroute -I -q1   b.c.d.e
  traceroute to b.c.d.e (b.c.d.e), 64 hops max
    1   *
    2   *
    3   b.c.d.e  5,103ms

  $ sudo traceroute -I -q1   b.c.d.e
  traceroute to b.c.d.e (b.c.d.e), 64 hops max
    1   10.0.2.2  0,006ms
    2   f.g.h.j  7,345ms
    3   b.c.d.e  9,565ms

It is a fact of notable value, that the subprivileged use of traceroute
only applies to ICMP mode. The default UDP mode starts the application
properly, but will step down only when the hops limit is attained, not
able to detect the intended host at all!

In summary, I find that the new abilities are of more value as verification
that our code base is minimally using the suid-bit, than providing useful
modes of use in their own right. Feel free to disagree, but the scrutiny
of the Linux kernel is enforcing an outcome below expectation.

Best regards for now,
  M E Andersson
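
A small probe for the fallback discussed in this message, as an added example that is not part of the original post or of the inetutils code: it tests whether a group id lies inside a ping_group_range value and then attempts the ICMP datagram socket. The procfs path, the function names and the 64-group buffer are assumptions of this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: test gid against a "low high" range string.
 * Returns 1 if inside, 0 if outside (the default "1 0" is an empty
 * range, so even gid 0 is outside), -1 if the text cannot be parsed. */
int gid_in_ping_range(const char *text, unsigned long gid)
{
    unsigned long lo, hi;
    if (sscanf(text, "%lu %lu", &lo, &hi) != 2)
        return -1;
    return (lo <= gid && gid <= hi) ? 1 : 0;
}

/* Hypothetical helper: try the unprivileged ICMP datagram socket.
 * Returns 0 on success, otherwise the errno from socket(). */
int try_icmp_dgram(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    char buf[64] = "";
    gid_t g[65];
    /* Assumed path: where Linux procfs exposes the range. */
    FILE *f = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
    if (f) {
        if (!fgets(buf, sizeof buf, f))
            buf[0] = '\0';
        fclose(f);
    }
    int n = getgroups(64, g);      /* fails if more than 64 groups */
    if (n < 0)
        n = 0;                     /* then only the effective gid is tested */
    g[n++] = getegid();
    int allowed = 0;
    for (int i = 0; i < n; i++)
        allowed |= (gid_in_ping_range(buf, g[i]) == 1);
    int err = try_icmp_dgram();
    printf("group in range: %d; socket(): %s\n", allowed, err ? strerror(err) : "ok");
    return 0;
}
```
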


