Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Big problem on 2.0.x?
From: jason () INETARENA COM (Jason Mills)
Date: Mon, 13 Dec 1999 15:44:22 -0800


heres a simple patch for the -s stuff just using the same method as with
-l:)

--- netkit-base-0.10/ping/ping.c.orig   Mon Dec 13 15:33:56 1999
+++ netkit-base-0.10/ping/ping.c        Mon Dec 13 15:34:15 1999
@@ -302,6 +302,11 @@
                        options |= F_SO_DONTROUTE;
                        break;
                case 's':               /* size of packet to send */
+                       if (!am_i_root) {
+                               (void)fprintf(stderr,
+                                   "ping: %s\n", strerror(EPERM));
+                               exit(2);
+                       }
                        datalen = atoi(optarg);
                        if (datalen > MAXPACKET) {
                                (void)fprintf(stderr,

-------------------------------------

On Sat, 11 Dec 1999, Stephen White wrote:

Mike Ireton wrote:
i found that when u do a ping -s 65468 -R  ANYIPADDRESS ( -R record
route) the system starts to print on the screen kernel dumps
, freezes complitely and after few secconds the system reboots.

This can be 'fixed' (okay kludged around) by altering the

#define      MAXPACKET       (65536 - 60 - 8)/* max packet size */

line in ping.c

I've reduced it to 32K (32768) on my Linux 2.0.36 box, since that should
avoid all possible problems (air on the side of caution and all that). I
don't see users having any reason to need such large ping packets anyway
(other than for the purpose of local or remote exploits).

For those using RedHat 5.2 I've made an SRPM and .i368 RPM containing my
new ping and they are avaiable via annon. ftp at

ftp://ox.compsoc.net/users/swhite/ping/

You'll need to install with --force since the package reports the same
version as the normal redhat5.2 one so RPM thinks it's already
installed.

It has also been suggested that ping could be patched to make '-s' only
available to root (like '-l' is), as an alternative solution.  I haven't
tried this but it should be a fairly simple modification.

Neither of these address the real problem in the kernel, but they do
mean that sysadmins can go on allowing users to run ping without the
worry of quite such a trivial DoS.

The same problem does not appear to occur in Linux 2.2, Windows 95 or
Solaris 2.7.

--
Stephen White                   OU Compsoc System Administration Team
<swhite () ox compsoc net>            http://www.ox.compsoc.net/~swhite/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]