Re: FreeBSD Security Advisory FreeBSD-SA-22:15.ping

From: mike tancsa <mike_at_sentex.net>
Date: Thu, 01 Dec 2022 15:27:44 UTC

On 11/30/2022 5:38 PM, Brooks Davis wrote:
> It's probably also worth considering it as a local privilege escalation
> attack.  The attacker will need to control a ping server, but it's often
> the case that enough ICMP traffic is allowed out for that to work and in
> that case they have unlimited tries to defeat any statistical mitigations
> (unless the admin spots all the ping crashes).


My concern is the "evil server in the middle" ... Things like route
hijacking are not that uncommon. I have a number of IoT devices out
there I will need to patch, some still based on RELENG_11.  The patch
doesn't apply cleanly, but looking at the source code, there are a bunch
of spots where

#ifdef IP_OPTIONS

If I put on the top of sbin/ping.c

#undef IP_OPTIONS

will the code that is problematic get compiled out and avoid the issue?

ping.c:#ifdef IP_OPTIONS
ping.c:#ifdef IP_OPTIONS
ping.c:         if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace,
ping.c:                 err(EX_OSERR, "setsockopt IP_OPTIONS");
ping.c:#endif /* IP_OPTIONS */


For now, I would rather push a patched ping which I can do quickly to a
few hundred devices.

     ---Mike