Design idea for Ping Application

Mike C. Fletcher mcfletch at rogers.com
Wed Aug 20 14:21:37 CEST 2003


David M. Cooke wrote:

>At some point, "Mike C. Fletcher" <mcfletch at rogers.com> wrote:
>  
>
...

>>however, I've not yet been
>>able to get the code to run under Unix (where creating raw sockets is
>>a no-no).
>>    
>>
>
>Only root can create raw sockets. You'll notice the system ping
>command is setuid root so that ordinary users can use it. Running this
>code as root works.
>  
>
Yes, that's where I'd arrived too (only root can do it).  I was sort of hoping there was some way around this silliness by using, e.g. non-raw sockets, or registering a socket as being ICMP-protocol and thereby letting the system check it's data for bad formatting/evil-stuff.

I really don't like the idea of requiring a setuid setup just to allow a multi-ping module to work (it's not even a module at that point, it's got to be its own script/process, which means creating input and output formats and all that jazz rather than just reporting the results as data-structures).  Multi-pinging is a trivial task, it's just a slightly more useful version of ping, but the root-user-requirment makes it a serious pain to implement.

I mean, this is simple networking code using a well-established protocol (ICMP). Would be really nice to be able to say "hey, I'm interested in sending (raw) IP messages" without having to fundamentally restructure an application.  Price of multi-user systems I suppose.

Oh well, bite the bullet and make it a setuid-safe program and figure out how to get that installed on client machines.  Or just scrap the whole direct approach on Unix and spawn 100 "ping" processes simultaneously.

Thanks for confirming my fears.  I'll never go out of the house again :) ,
Mike

_______________________________________
  Mike C. Fletcher
  Designer, VR Plumber, Coder
  http://members.rogers.com/mcfletch/








More information about the Python-list mailing list