Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
James Carlson
james.d.carlson at sun.com
Thu Feb 28 04:28:31 PST 2008
Nicolas Williams writes:
> On Wed, Feb 27, 2008 at 05:41:21PM -0800, Scott Rotondo wrote:
> > 2. If the program is only usable by a privileged user, might it belong
> > in /usr/sbin instead of /usr/bin?
>
> OT (Reply-To set):
But ignored. ;-}
> Waaa. I hope the ARC gets around to setting a precedent for placing
> low-risk in /usr/bin instead of /usr/sbin.
We have a precedent. Things that are useful only for the system
administrator go in /usr/sbin. Things that are useful for regular
users go in /usr/bin.
That precedent is documented on the filesystem(5) man page.
It has nothing to do with privilege or risk. The only question to
answer here (for this issue) is whether fping is useful for ordinary
users. If it's not, then /usr/sbin would be the right answer.
As for the privilege check, the reason the code does this is not that
what it's doing requires special privilege (though it does). The
reason is that the utility itself is mostly evil. Most users
generally don't want people scanning subnets at high rates, looking
for hosts to attack.
The code has checks on the options to try to stop "mortals" from
abusing the utility, but I think it's a fair question to ask whether
'we' (collectively) want this at all -- particularly as a bundled part
of the system delivering from SFW.
And I'm not sure this is a fast-track. It doesn't seem entirely
obvious or non-controversial to me ...
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
More information about the opensolaris-arc
mailing list