• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Ping Permission Problem
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ping Permission Problem

  • Subject: Re: Ping Permission Problem
  • From: Duane Murphy <email@hidden>
  • Date: Wed, 15 May 2002 08:52:38 -0700
--- At Wed, 15 May 2002 15:53:06 +0100, Terry Smyth wrote:
>My application uses Ping to check network connectivity before launching a
>browser at a particular URL. I'm following the sample code OTPingSample, and
>all works fine on OS 9 and X up to OS X 10.1.3.
>
>The problem starts in OS X 10.4, when I open try to open a raw IP endpoint,
>I get an error -3200 (Permission denied).
>
>*ep = OTOpenEndpointInContext (OTCreateConfiguration(kRawIPName),
>(OTOpenFlags)NULL,NULL, &err, NULL);
>
>
>I presume this is due to improved security checks barring raw IP
>connections, but does anyone know how I can get around it, so that I can
>send a ping, and look for the response?

Ping should not have worked on any version of OS X. Opening a raw IP
endpoint has always been illegal for a normal user. I suspect you may
have been running as root (DANGER DANGER Will Robinson).

In order to open a raw IP endpoint you need to be root. I think Apple has
posted sample code and recommendations for doing authorized activities.
Look for something called AuthSample.

There are a couple of solutions to this however.

(1) Just run the ping command line tool. Its already suid root so it
requires no authentication. You can just check the result code if all you
want is reacability. Otherwise you have to do a little parsing of the
output if you want more.

(2) You'll have to write a seperate tool to do the work for you. This
seems kind of silly as there is already the ping tool. But if you want/
need/have to do this then I would suggest reading up in Unix Network
Programming on Passing Descriptors (14.7). By passing descriptors, your
authorized tool will only be a few lines as the only thing you need to be
authorized for is opening the socket. The tool is run with authorization,
opens the socket, and passes it back to the parent application.

If you search in the archives you should find more information about
this. In particular a note from Peter Sichel describing other seriously
nasty side affects caused by the Finder not copying suid applications ( I
would call this a bug, Apple apparently thinks that this is a feature).

All in all the simpler solution is to just run the ping tool in OS X.

...Duane Murphy
Efficient Networks, Inc.
<http://www.efficient.com/>
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.
References: 
 >Ping Permission Problem (From: Terry Smyth <email@hidden>)

  • Prev by Date: Ping Permission Problem
  • Next by Date: Re: Ping Permission Problem
  • Previous by thread: Ping Permission Problem
  • Next by thread: Re: Ping Permission Problem
  • Index(es):
    • Date
    • Thread