Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
Garrett D'Amore
gdamore at sun.com
Tue Mar 4 08:33:19 PST 2008
Darren J Moffat wrote:
> James Carlson wrote:
>> Nicolas Williams writes:
>>> On Wed, Feb 27, 2008 at 05:41:21PM -0800, Scott Rotondo wrote:
>>>> 2. If the program is only usable by a privileged user, might it
>>>> belong in /usr/sbin instead of /usr/bin?
>>> OT (Reply-To set):
>>
>> But ignored. ;-}
>>
>>> Waaa. I hope the ARC gets around to setting a precedent for placing
>>> low-risk in /usr/bin instead of /usr/sbin.
>>
>> We have a precedent. Things that are useful only for the system
>> administrator go in /usr/sbin. Things that are useful for regular
>> users go in /usr/bin.
>>
>> That precedent is documented on the filesystem(5) man page.
>>
>> It has nothing to do with privilege or risk. The only question to
>> answer here (for this issue) is whether fping is useful for ordinary
>> users. If it's not, then /usr/sbin would be the right answer.
>>
>> As for the privilege check, the reason the code does this is not that
>> what it's doing requires special privilege (though it does). The
>> reason is that the utility itself is mostly evil. Most users
>> generally don't want people scanning subnets at high rates, looking
>> for hosts to attack.
>
> We already have /usr/bin/nmap (not installed setuid though).
>
See also the recent (not yet approved) case for mtr. I'm going to raise
a few points on that case, because many of the issues there are similar
to the ones raised here.
-- Garrett
More information about the opensolaris-arc
mailing list