
Re: i386/575: /sbin/ping world-executable



The following reply was made to PR i386/575; it has been noted by GNATS.

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
To: gnats@openbsd.org
Cc: abyss@abyss.imaji.net
Subject: Re: i386/575: /sbin/ping world-executable
Date: Sat, 15 Aug 1998 03:19:42 EDT

 -----BEGIN PGP SIGNED MESSAGE-----
 
 To: gnats@openbsd.org
 Subject: Re: i386/575: /sbin/ping world-executable
 Cc: abyss@abyss.imaji.net
 Date: 08/15/98, 03:19:38
 
 
 >Description:
 >        /sbin/ping is world-executable, meaning that joe user can ping flood
 >        or whatever. It is normal for other OS's to allow ping for everyone,
 >        but this appears to be a bug due to ping being in /sbin, rather than
 >        /bin or /usr/bin
 >How-To-Repeat:
 >        become a user in i386 OpenBSD 2.3, and call /sbin/ping 
 
 What are you talking about?
 
 coredump_angelos_38_$_cat /kern/osrelease
 2.3
 coredump_angelos_39_$_id
 uid=24224(angelos) [snip]
 coredump_angelos_40_$_ping -f dsl
 ping: Operation not permitted
 coredump_angelos_41_$_ping -f localhost
 ping: Operation not permitted
 
 Did you actually try doing whatever you're describing, in OpenBSD?
 - -Angelos
 
 
 
 -----BEGIN PGP SIGNATURE-----
 Version: 2.6.3i
 Charset: noconv
 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
 
 -----END PGP SIGNATURE-----