Re: the need for raw-network-sockets in BSD nowadays?

[Max Okumoto <okumoto@xxxxxxxx>]

Hummel Tom wrote:
> Joerg Sonnenberger schrieb:
>
> > On Fri, Apr 29, 2005 at 03:57:11PM +0200, Hummel Tom wrote:
> >
> > > > For any protocol that's not handled by the kernel or for sending
> > > > self-crafted packets. Ping uses raw sockets, so does nmap. 
> > >
> > >
> > > Ping uses raw sockets? I really doubt that, if not, why do we have 
> > > any ICMP implementation?
> >
> >
> >
> > Because providing an interface for a superset of all the ICMP userland
> > tools is easily more work than raw sockets. The kernel ICMP implements
> > all the kernel cares about, not more.
>
>
> Then all userland tools implement the rest for themselfes? where's the 
> rest of the ICMP stored?
>
> tom

Tom, I think the point they are trying to make is that
the unixes have had this feature for a long time and it
has not been a problem.  You need root to create a raw
socket.  Which is why ping is set-user-id.  In addition
there is BPF which allows you even more freedom in
generating packets.

For older windows systems the system did not include an
API access to a raw sockets there are libraries that
provided that support.

The problem is that with newer windows releases that
provide the API, it lowers the bar.  Now you don't
need to install a raw socket dll library.  In windows
almost everyone has admin level privilages, so a new
problem was "created".

In summary:

On unix systems normal users can not generate 'Bad packets'
since you need root to access raw sockets, and bpf.
Removing the APIs would limit the types of services
that the system could provide.

	The haves and the have nots.


On older releases of windows, only people that knew how to
find/download a raw socket library could generate 'Bad packets'

	The haves and the ones that are smart enough to get it.

On newer releases of windows, many normal users (have admin
privs) so the most people can generate 'Bad packets'.

	Everyone has it.