Re: Removing or changing the ping interval restriction for non-root users

From: Rodney W. Grimes <freebsd-rwg_at_gndrsh.dnsmgr.net>
Date: Mon, 25 Mar 2024 01:10:01 UTC
> I've personally never come across this limitation on any system that I've used, however it is a good point that there are bound to be systems that have the same limitation. After digging a bit more into the history the limitation was added in this commit[1] in 1998 with the explicit intention to "secure options from user-level D.O.S attacks".
> 
> A lot of things have changed since 1998, and setting an arbitrary high limit to prevent "ping" and "ping6" from being used to DOS networked devices would be a pretty suspect decision if it was suggested today. I expect a few other distributions have inherited this limit from the original contribution, but to me that doesn't lend a strong argument to keeping it if the underlying reason it exists doesn't make sense anymore _and_ if removing/reducing it is a backwards-compatible, simple and non-invasive change.

IIRC the history on this is a bit more complex, originally only an interger value
of interval was allowed, and hince the lower limit WAS 1 second, then fractional
intervals got added.  Flood pinging (-f) has always been restricted to root.

A debian bookworm ping(1) has minimal interval of 200mS per the manual page,
so I would say there are other major systems showing that a restriciton
on ping rates is a reasonable situation.

> 
> Tom
>  1. https://github.com/freebsd/freebsd-src/commit/526f06b278d9252add168aa18b60242c08771165
> 
> On Sun, 24 Mar 2024, at 2:48 PM, Cy Schubert wrote:
> > On March 24, 2024 5:57:01 AM PDT, Tom Forbes <tom@tomforb.es> wrote:
> > >Hello,
> > >I maintain a small project called gping[1] that recently added support for FreeBSD. One of the issues I ran into with running this on FreeBSD was that the `ping` command seems to disallow intervals of less than 1 second if you are not running as root[2]. This check was last touched 23 years ago and I'm curious as to why this restriction exists? I assume it's from an earlier time in the internets history, and perhaps is related to potential misuse of the command to flood targets with packets via ping?

What other systems have you tried gping on that does NOT have your "issue?"

> > >
> > >If it is then I'd like to suggest that this limitation be removed or is reduced to `0.1` seconds instead? Using `ping` for this kind of thing isn't a viable attack today, and the 1 second limitation seems like it would get in the way of useful uses of the ping command.

I can not agree with your 0.1 second limit, I could probably be convinced the lower limit of 200mS though.

> > >
> > >Also this is my first post to any *BSD mailing list, so please let me know if this is not the right place to ask this question or propose this!
> > >
> > >Thanks,
> > >Tom
> > >
> > >1. https://github.com/orf/gping
> > >2. https://github.com/freebsd/freebsd-src/blame/8a56ef8d75b42ee7228247466c8c1712de6e3b6f/sbin/ping/ping6.c#L441
> > Other UNIX-like systems have the same restriction. At $JOB we use Solaris and various Linux systems. All maintain the same restriction. Other BSDs are the same.I don't think FreeBSD should be an outlier.
> > 
> > Maybe  setgid bit or a capability to remove the restriction may be a better solution. But to reduce the timeout to essentially remove it is IMO unwise. 

I concur.

> > -- 
> > Cy Schubert <Cy.Schubert@cschubert.com>
> > FreeBSD UNIX:  <cy@FreeBSD.org>  Web:  https://FreeBSD.org
-- 
Rod Grimes                                                 rgrimes@freebsd.org