Author Topic: [Unix] C++ ICMP programming lameness  (Read 6991 times)

0 Members and 1 Guest are viewing this topic.

Offline Glove

  • Newbie
  • *
  • Posts: 10
  • Hey! Look over there!
    • View Profile
[Unix] C++ ICMP programming lameness
« on: March 09, 2006, 03:10:33 pm »
Well, this serves as an example of Unix lameness

I know of no way to bypass root privileges to send ICMP echo packets ... in fact, I believe there isn't a way.
You have to do lame things like execute "ping".  If anybody has a secret to using ICMP without root privileges, please share.

Linux and Darwin solutions don't count as these two systems are non-standard.

Darwin has added ICMP support to SOCK_DGRAM for restricted ICMP usage.  All other Unix systems only have ICMP support with SOCK_RAW (which requires root privileges).

How does ping work?  Notice the sticky bit.
Quote
-r-sr-xr-x  1 root  wheel  23008 Jan 18 07:41 /sbin/ping

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [Unix] C++ ICMP programming lameness
« Reply #1 on: March 09, 2006, 06:19:35 pm »
First of all, I agree with the decision to make ICMP require root. 

Seocnd, that's not sticky, that's SetUID.  If you look up SetUID and SetGID, you can find more information.  But to summarize, a SetUID program executes in the context of the owner (root) and a SetGID program runs in the context of the group owner (wheel). 

Offline Glove

  • Newbie
  • *
  • Posts: 10
  • Hey! Look over there!
    • View Profile
Re: [Unix] C++ ICMP programming lameness
« Reply #2 on: March 11, 2006, 06:48:38 pm »
First of all, I agree with the decision to make ICMP require root. 

Seocnd, that's not sticky, that's SetUID.  If you look up SetUID and SetGID, you can find more information.  But to summarize, a SetUID program executes in the context of the owner (root) and a SetGID program runs in the context of the group owner (wheel). 

Oh, my mistake, I meant "sticky bit" for special modes in general.  That still doesn't tell me how to systematically get the latency to a remote host.  That's lame that Unix systems do not have under priviledged facilities that Windows and Apple have to handle this.
Executing "ping" is lame.  I am already aware of that solution.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [Unix] C++ ICMP programming lameness
« Reply #3 on: March 12, 2006, 02:39:47 am »
The proper solution is to make your program SetUID.  Fork a process that stays as root, and put it to sleep.  Then drop privs on the parent process.  If you need to do ICMP stuff, wake up the child and tell him to do it.  That's the best solution, and that's what's typically done. 

Offline Glove

  • Newbie
  • *
  • Posts: 10
  • Hey! Look over there!
    • View Profile
Re: [Unix] C++ ICMP programming lameness
« Reply #4 on: March 12, 2006, 03:26:48 pm »
The proper solution is to make your program SetUID.  Fork a process that stays as root, and put it to sleep.  Then drop privs on the parent process.  If you need to do ICMP stuff, wake up the child and tell him to do it.  That's the best solution, and that's what's typically done. 

Suppose you want to run the software on a shell or anohter Unix system that isn't yours.  Then it's likely you will not be given a SetUID bit.  That's not good enough.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [Unix] C++ ICMP programming lameness
« Reply #5 on: March 12, 2006, 07:41:57 pm »
I'd prefer people not sending out arbitrary ICMP from my system.  I allow them to use ping and traceroute, but using other tools they can do a ping-of-death attack, smurf attack, and other stuff.  I'd prefer not allowing that. 

Offline Glove

  • Newbie
  • *
  • Posts: 10
  • Hey! Look over there!
    • View Profile
Re: [Unix] C++ ICMP programming lameness
« Reply #6 on: March 12, 2006, 08:49:53 pm »
I'd prefer people not sending out arbitrary ICMP from my system.  I allow them to use ping and traceroute, but using other tools they can do a ping-of-death attack, smurf attack, and other stuff.  I'd prefer not allowing that. 

Agreed ... but I believe there should be some facility to do echoing at least.  Darwin, for example, has a restricted ICMP extension with SODK_DGRAM.

Quote
Non-privileged ICMP
     ICMP sockets can be opened with the SOCK_DGRAM socket type without
     requiring root privileges. The synopsis is the following:

     socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP)

     This can be used by non root privileged processes to send ICMP echo
     requests to gauge the quality of the connectivity to a host, to receive
     ICMP destination unreachable message for path MTU discovery, or to
     receveive time exceeded message for traceroute.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [Unix] C++ ICMP programming lameness
« Reply #7 on: March 12, 2006, 09:46:37 pm »
I'm not aware of any way of doing that on Linux or BSD, but I've never really looked.  I'm happy with the way it is currently set up, personally.