Problem with ping-check?

Andreas Ericsson ae at op5.se
Mon Oct 15 14:34:36 CEST 2007


Matthias Eble wrote:
>> I've moved from check_ping to check_icmp. 
>> If check_ping can produce unnecessary alerts then why not simply symlink
>> check_ping to check_icmp or remove it?
> 
> because check_icmp needs root privileges (setuid root). check_ping can 
> be run without uid 0 because ping already has setuid root.
> check_icmp can only be installed with root privileges.
> 

Well, it's bugs in /bin/ping or bugs in check_icmp. Both of them drop
root privs immediately after having obtained the raw socket, so the attack
vector is severely limited.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
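
The pattern the message above refers to (obtain the raw socket while root, then give up root for good), as an added example; this is not the source of check_icmp or /bin/ping, and the function names `drop_privs_permanently` and `open_icmp_socket_then_drop` are hypothetical. It assumes a POSIX system where the binary is installed setuid root and the raw ICMP socket is the only privileged resource needed.

```c
/* Added example: take the privileged resource first, then drop root for good. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up elevated IDs. Returns 0 on success, -1 on failure. */
int drop_privs_permanently(void)
{
    uid_t ruid = getuid();   /* the invoking user, not the file owner */
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped the gid can no longer be changed. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0, setuid() resets real, effective and saved uid together. */
    if (setuid(ruid) != 0)
        return -1;
    /* Verify the drop: an unprivileged caller must not get root back. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Returns the raw ICMP socket (>= 0), -1 if it could not be opened,
 * or -2 if privileges could not be dropped (the caller must abort). */
int open_icmp_socket_then_drop(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);  /* needs root */

    if (drop_privs_permanently() != 0) {
        if (fd >= 0)
            close(fd);
        return -2;
    }
    return fd;   /* the descriptor stays usable; the rest runs unprivileged */
}

int main(void)
{
    int fd = open_icmp_socket_then_drop();
    if (fd == -2) { fputs("could not drop privileges\n", stderr); return 2; }
    if (fd < 0) { fputs("raw socket unavailable (not setuid root?)\n", stderr); return 1; }
    printf("raw socket fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    close(fd);
    return 0;
}
```

Only the `socket()` call runs with root; argument parsing, packet handling and output all happen after the drop, which is why a bug there no longer yields uid 0.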
