lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Sat, 26 Apr 2014 12:02:28 +0900
From:	Lorenzo Colitti <>
To:	Lorenzo Colitti <>,
	Ben Hutchings <>,
	Florian Westphal <>,
	netdev <>,
	Vasiliy Kulikov <>
Subject: Re: [RFC][PATCH] IP: Make ping sockets optional

On Sat, Apr 26, 2014 at 6:18 AM, Hannes Frederic Sowa
<> wrote:
>> One of the original discussion threads I posted above has a link to a
>> lengthy discussion on why the original designers of this code thought
>> capabilities were not a good idea from a security standpoint.
> Hmm, maybe I have overlooked it but I have not found any references to
> capabilities.

I thought I had linked to that, but perhaps I hadn't. This was
proposed for the first time in 2010: . The discussion on
capabilities is linked a few messages down, .

> Ok, I see. There seem to be more users of this on Android. I guess ping
> sockets are available to every application writer or will it be set
> dynamically because of application permissions? Sorry, I am not that common
> with android.

Android sets ping_group_range to "allow everything". Access to general
network connectivity is restricted by Android application permissions,
so if an application has that, it can send pings.

> Ack, that's why my first hunch was to introduce a new capability just for ping
> sockets. I assume this wouldn't work for android?

Android userspace would need to be changed to use it (to give it to
everything that has network access permissions). I don't know if
there's a way to do that today.

Also, if you introduced a new capability for this, I think the 10KB
extra code would still be there. Because ping sockets don't allow you
to send/receive arbitrary ICMP messages, they only allow ping packets.
So "a new capability to allow ping" would have to be similarly
restricted, which means a lot of the code would still have to be
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists