Message-ID: <7b5533cb-2b98-ce2e-20ba-bef0fb133e3@dereferenced.org>
Date: Mon, 19 Apr 2021 12:15:59 -0600 (MDT)
From: Ariadne Conill <ariadne@...eferenced.org>
To: oss-security@...ts.openwall.com
cc: security@...ian.org
Subject: Re: xscreensaver package caps gets raw socket

Hello,

On Mon, 19 Apr 2021, David A. Wheeler wrote:

>>> On Apr 18, 2021, at 8:25 AM, Simon McVittie <smcv@...ian.org> wrote:
>>> Scraping is undesirable, but sometimes needed. If this is a common need, a
>>> long-term solution might be to create an option on ping to generate a standard
>>> format that’s easier to machine-parse.
>>
>> On Apr 19, 2021, at 1:35 PM, Ariadne Conill <ariadne@...eferenced.org> wrote:
>> This already exists as fping(1), for example:
>
> The problem for application developers is that “ping” exists practically everywhere,
> while fping does not.

Absolutely true, but fping is packaged in most Linux distributions, as 
well as all of the BSDs, due to its use by various network monitoring 
programs such as smokeping and nagios, so it seems like a reasonable 
dependency for cases like these.

IMO, it's better that programs declare something like fping as a 
dependency, so that we don't have to deal with yet another program years 
from now having elevated privileges and being abused to run tcpdump... :)

Seriously, if anyone on this list ever finds themselves writing a program 
where they need to fire off some pings, instead of making their program 
SUID or granting it cap_net_raw, just use fping instead.  At the very 
least, you'll be happier because you don't have to write your own ping 
code, and the distribution maintainers of the world will be happier 
because you *didn't* write your own ping code.

Ariadne
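
The advice above as an added example, which is not part of the original message or of fping itself: a program runs the packaged fping as an ordinary subprocess and parses its per-target summary, so it needs neither SUID nor cap_net_raw. It assumes the summary format that `fping -q -C N` writes to stderr; the function names and sample lines are constructed for illustration.

```python
import re
import shutil
import subprocess

# Hostname or IP literal only; a leading '-' (an fping option) is rejected.
_TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.:_-]{0,252}")

# Constructed sample of the summary `fping -q -C 3` writes to stderr.
SAMPLE_STDERR = (
    "localhost : 0.05 0.04 0.06\n"
    "10.0.0.9  : - - -\n"
    "192.0.2.1 : 1.20 - 1.31\n"
)


def parse_fping_summary(text):
    """Return {host: [rtt_ms or None, ...]}; None marks a lost probe."""
    results = {}
    for line in text.splitlines():
        host, sep, fields = line.partition(" : ")
        if not sep:
            continue  # not a summary line
        try:
            rtts = [None if f == "-" else float(f) for f in fields.split()]
        except ValueError:
            continue  # unexpected text after the colon; skip the line
        results[host.strip()] = rtts
    return results


def ping_hosts(targets, count=3, timeout_s=30):
    """Ping via the system fping; the caller needs no SUID bit or cap_net_raw."""
    for target in targets:
        if not _TARGET_RE.fullmatch(target):
            raise ValueError(f"refusing target {target!r}")
    fping = shutil.which("fping")
    if fping is None:
        raise FileNotFoundError("fping not found; declare it as a dependency")
    # argv list, no shell: target strings are never parsed by /bin/sh.
    proc = subprocess.run([fping, "-q", "-C", str(int(count)), *targets],
                          capture_output=True, text=True, timeout=timeout_s)
    # Exit status 1/2: unreachable or unresolvable targets; 3+: usage/system error.
    if proc.returncode >= 3:
        raise RuntimeError(f"fping failed: {proc.stderr.strip()}")
    return parse_fping_summary(proc.stderr)


if __name__ == "__main__":
    print(parse_fping_summary(SAMPLE_STDERR))
```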
