Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
Glenn Brunette
Glenn.Brunette at sun.com
Thu Feb 28 05:05:28 PST 2008
James Carlson wrote:
> As for the privilege check, the reason the code does this is not that
> what it's doing requires special privilege (though it does). The
> reason is that the utility itself is mostly evil. Most users
> generally don't want people scanning subnets at high rates, looking
> for hosts to attack.
>
This is really a non-issue for me. If you want people scanning subnets
at high
rates, just split your list into chunks and run multiple pings on a
Niagara 2 :-)
Seriously, we must also consider that we have this functionality already in
Solaris in the form of nmap (see: -sP) so I do not see adding fping as
all that
controversial in this sense. nmap can scan hosts, networks and can read
targets from a file.
> The code has checks on the options to try to stop "mortals" from
> abusing the utility, but I think it's a fair question to ask whether
> 'we' (collectively) want this at all -- particularly as a bundled part
> of the system delivering from SFW.
>
> And I'm not sure this is a fast-track. It doesn't seem entirely
> obvious or non-controversial to me ..
I have been an user of fping for years and I know others in the old SunPS
security team were in the same boat. It is useful for legitimate
purposes and
functionality like this would be great in Solaris - although with nmap
already
integrated its value is lessened. The biggest difference from my
standpoint is
that the nmap output is not as scriptable (nmap's 'grep' output format
is the
closest fit but would require some additional parsing to get what you want).
This alone may be worth adding fping or adding fping functionality to ping.
Just wanted to throw in my $0.02 (for what that's worth these days) ;-)
g
More information about the opensolaris-arc
mailing list