Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[FreeToGo]

Correct me if I am wrong.

That's is what I get
jc@jc-desktop:~$ uname -a
Linux jc-desktop 2.6.20-15-lowlatency #2 SMP PREEMPT Sun Apr 15 07:39:03 UTC 2007 i686 GNU/Linux

jc@jc-desktop:~$ ls -l /bin/ping
-rwsr-xr-x 1 root root 30848 2007-03-05 12:25 /bin/ping

jc@jc-desktop:~$

jc@jc-desktop:~$ ping yahoo.com
PING yahoo.com (66.94.234.13) 56(84) bytes of data.
64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=22 ttl=52 time=163 ms

--- yahoo.com ping statistics ---
22 packets transmitted, 1 received, 95% packet loss, time 21005ms
rtt min/avg/max/mdev = 163.752/163.752/163.752/0.000 ms
jc@jc-desktop:~$ ping yahoo.com
PING yahoo.com (216.109.112.135) 56(84) bytes of data.
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=1 ttl=50 time=236 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=2 ttl=50 time=236 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=3 ttl=50 time=235 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=4 ttl=51 time=237 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=5 ttl=51 time=235 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=6 ttl=50 time=234 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=7 ttl=50 time=235 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=8 ttl=51 time=235 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=9 ttl=50 time=235 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=10 ttl=50 time=236 ms

--- yahoo.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9005ms
rtt min/avg/max/mdev = 234.989/236.020/237.834/0.827 ms

[wuischke]

I'm using same conversation style as my opponent.If he is willing to "label" me with "sticker" ("you're stupid, you don't know, blah-blah"), I can do the same.If someone does not likes it's own conversation style, he has to reconsider it.I will do the same then.

Please be polite and do not insult anyone. (or do it at least in an intelligent=hidden fashion)
Else today will be my monthly troll day.


OK, let's start over again with the ping thingy:
aMule is a multi-platform program. You can NOT rely on the availability of a ping executable, but you have to use your own implementation. Hence, it doesn't matter what fancy things your Linux system can do as long as e.g. Windows cannot do this.
In contrast to windows, on Unix systems the first 1024 ports are reserved to root and cannot be easily used by normal users.
Short explanation of *nix terms: "setuid root" - the binary will be executed with the rights of the owner of the binary - root owns ping, thus ping has the rights of root.
Now there are solutions (like e.g. Apache IIRC) who start as root to reserve the ports and later drop rights, but this is not possible for aMule as you would need ping rights the whole time.
The only thing I can imagine is a single thread with the necessary rights, but I don't know if that's easily and securely possible.

[Lame_azz]

THE PING BINARY IS SETUID ROOT.

Kry, don't be nervous please.That's not what I'm want to achieve.Well, YES, I READ YOUR REPLY ABOUT PING AND SUID, UNDERSTOOD IT, CHECKED IT and even agreed that I was wrong and lame.So there is no need to repeat this.But did YOU read my comments?I did listed other options, see above.
1) Probably aMule can start as root, create this damn priveleged socket, drop root rights with setuid and setgid and go on as normal unprivileged user.At least that's how security-sensitive daemons like http servers are working and almost nobody complains about their security.
2) UDP ping seems to be an option.Mods are using it as well.We probably can use high local UDP ports so we do not have to be root to do UDP pings.
3) Finally as poor but no-overhead, no-security-crap and no-any-new-fuc__ing_sockets solution you can measure roundtrip times.This solution has certain drawbacks but still better than no any flow control at all.This thingie called SUC if I'm remembering well (Smart Upload Control).

So, as for me looks like there is plenty of options.Another question is if you're do not like feature or just do not want to implement it.This is surely OK since you're not a my personal slave - I can just OFFER some feature, you can reject it.That's OK.But if you're using technical arguments like "that's impossible", try to read a reply, then.

P.S. when talking about security, I can understand why you want to keep aMule secure.But er, it is up to me to decide which level of security I'm want to have in my system as a whole.I see no major security problem for me if some program starts from root but then drops the rights quickly after doing priveledged things since hackers will obtain user rights, not a root just in case.And surely default setup should be secure.So, at very most, normal user should get a warning that raw socket creation has failed and feature should be disabled if user starts aMule as restricted user.Actually no security problems here except for those who launched it as root and even then, once root rights dropped quickly, there is no security problems.

P.P.S. Sorry, but you're looking a bit like a M$.These nasty morons are always deciding what is better for their users without providing any power to override their fu**ing decisions and without actually learning any users opinitions.That's why almost everyone hates M$.I'm really hope you're will not follow The One Microsoft Way.

[Vollstrecker]

I knew that some linux system required  privileged access to run "ping" and firewall could sometimes prevent ping from functioning properly.

Not some, all that are not modified by the user, and this are changes the most people can't do, and the ones that can know why they aren't doing it.

But what I don't know is what is the situation of the majority linux users of amule. Based on distrowatch, the most popular distros nowadays are Ubuntu, OpenSuSe and Fedora. In Ubuntu, ping doesn't require root privileges.
 

It requires root privileges. As Kry stated in an early state if this thread, the binary is SetUID root, that's the reason why people think "I can ping as user".

I see ping based bandwidth control as an good options for amule users. As long as it is an option, it should be able to let users decide for themselves whether they want to enable it or not.

If this is an option, you have some alternative ways to implement that.

1. Call the ping binary you have installed. You would have another dependency and have to have an option to choose where it resides. Not good, but for me the way I hate less than the others.

2. Implement the pinging directly into aMule. To get it work, you have again two options:

2.1 Call aMule as root

2.1.1 Do some xhost or magic-cookie voodoo to get it in your X display and explain "joe average" how to do so.

2.1.2 Run X as root  - No Comment

2.2 Make aMule binary SetUID root - Not Really, or?


P.S. I do as lame_azz told me. I read his post as "Ignore me, my setup is the most common out there and you're a fool", go back to Windows, it's lame too.

[Vollstrecker]

jc@jc-desktop:~$ ls -l /bin/ping
-rwsr-xr-x 1 root root 30848 2007-03-05 12:25 /bin/ping

If you didn't want to proove what Kry stated, then you either have no clue about the rights on unix, or you missed to modify this line. In first case: You see the s on the place of the execution bit of the owner? That means, that the programm, regardless who calls it, is run with the rights of the owner.

[Lame_azz]

Please be polite and do not insult anyone. (or do it at least in an intelligent=hidden fashion)
Else today will be my monthly troll day.

Okay, I'll try.But as a moderator you have to keep others doing the same.Let's admit I'm actually do not attacking anyone first - I'm just defending from unfair attacks at very most.

OK, let's start over again with the ping thingy:
aMule is a multi-platform program. You can NOT rely on the availability of a ping executable, but you have to use your own implementation.

I'm not as stupid as you may think   and aware of it for sure.

Hence, it doesn't matter what fancy things your Linux system can do as long as e.g. Windows cannot do this.

Windows surely can ping.Some time ago I even tested few eMule mods implementing pinging feature.It works.Windows can do this.And I liked how it works.So I offered this for aMule as well.

In contrast to windows, on Unix systems the first 1024 ports are reserved to root and cannot be easily used by normal users.

For sure.But look, I have lighttpd on port 80 and 3proxy on another low port on my Linux machine.They are launched by root but later running as two different and very restricted users.But still listening on priveleged ports.So it is possible and works - they just do setuid and setgid after priveleged port was opened and then continue as a new, very restricted user.And well, they both can run on Windows as well, of course without executing this trick which is not needed in Windows .Once under Linux I setted up both daemons by hands I got some view of Linux security.It is waste of time to explain me Linux security basics - I learned it already.As well as some IPtables thingies, etc.

Short explanation of *nix terms: "setuid root" - the binary will be executed with the rights of the owner of the binary - root owns ping, thus ping has the rights of root.

I do know this.I just was a bit lame and missed the fact ping binary is suid so I wrote wrong statement (sic!).After first Kry post I re-checked it and agreed I was somewhat lame.This is not a fair reason to beat me for a whole 2 days imho and not a reason to think I'm an idiot or totally lame.

Now there are solutions (like e.g. Apache IIRC) who start as root to reserve the ports and later drop rights, but this is not possible for aMule as you would need ping rights the whole time.

Umm, but why can't aMule to keep allocated socket open and then drop rights withot closing the socket?It is not possible for raw sockets and they somehow different here?And well, read my previous post - there is other options anyway like UDP ping and round-trip times measures.

The only thing I can imagine is a single thread with the necessary rights, but I don't know if that's easily and securely possible.

Why we can't open socket and then drop rights?We have to close it for some reason or what?

[wuischke]

OK, Guys. We're finished, aren't we?

Let's close this by creating a formal Feature Request in the bug tracker and stopping this discussion.

---

Edit: Further discussion please in channel #amule @ irc.freenode.org

Edit: Reopended upon request.

[Kry]

Opening the app with setuid root is not an option, as I stated before.
One of the MULTIPLE reasons for this is that the socket creation happens AFTER all the app setup. If anyone finds a vulnerability there, anything they can do or execute will be done with uid 0. that is so disastrous I cna't even start to think about it. Not to mention that I'd love to see you try and convince any distro or packager to include a setuid flagged aMule. Hah.

So, SETUID: not an option. ICMP Ping: not an option.

UDP ping is not an option either. Who are you supposed to ping for the UDP ping? You can't ping your ISP router with UDP. UDP is software-level, so no, UDP ping is not an option. I'm not including any DDoS usable feature with aMule.

So, UDP ping: not an option.

Roudtrip times: laaaaaaaaaaaaaame. The depend on the other end response, on routing, on the congestion on the network, and a million different parameters. Not an option. Not to mention they would and an infinite amount of complexity to the code, for no gain.

So, roundtrip times: not an option.

Total results: no options.

Current work: The kernel notifies aMule when there is free bandwith to send data. aMule sends it, up till the kernel says that the line is busy. Then it stops till the kernel notifies it again that there is free bandwith.

That's quite optimal imho.

[Lame_azz]

Opening the app with setuid root is not an option, as I stated before.

One of the MULTIPLE reasons for this is that the socket creation happens AFTER all the app setup. If anyone finds a vulnerability there, anything they can do or execute will be done with uid 0.

Once all networking done after sockets created (and rights dropped) I see no huge security holes here.That's how lots of network daemons are working.At least, remote hackers will gain nothing - even if they'll manage to cause problems and execute code, aMule runs as restricted user at this point.Yes maybe there is option to craft some data (downloads?) in unfair manner so aMule will encounter problem on startup, this is quite improbable, hard to use and even if this done without root rights by remote I will be pretty unhappy with it (for example, attacker will be able to delete my downloads, use me to spread most prohibited warez\child porn, etc).As for local users, and rights escalations I'm will never allow any untrusted user to use P2P app on my computers.What if user will download and spread child porn or very prohibited warez?Then my ass will be kicked because it is my computer.What a funny method to get jailed instead of someone else.That's where real security comes in play - P2P app launched by untrusted user on your computer is a major security issue on it's own.Maybe other security considerations here?Let me know, I'm really want to see my faults - it is always useful to learn.

that is so disastrous I cna't even start to think about it. Not to mention that I'd love to see you try and convince any distro or packager to include a setuid flagged aMule. Hah.

You do not have to do it as default setup, nooo! .It is up to user to deal with this issue if he wants to use such feature.Features like this are not intended for totally dumb users.And those who know what he want to acheive will be able to resolve this problem on its own.You just to display proper message to log and add warning near feature configuration

UDP ping is not an option either. Who are you supposed to ping for the UDP ping? You can't ping your ISP router with UDP. UDP is software-level, so no, UDP ping is not an option.

Hmm.Do you know what happens when you're sending UDP packet to closed port according to standards?Yes, you will get ICMP reply - "connection attempt refused".And at least usual *nix socket should return an error (ECONNREFUSED afaik) due to this fact when things done properly.You definitely can measure time between packet was send and you got socket error.Voila.You got some sort of tool to measure ping times.Almost any host will reply, except those who is firewalled this port and firewall just drops packet instead of rejecting.And well, this works.You probably use this sometimes.FYI, that's how *nix traceroute works, IANA assigned UDP port is 33434 to use for this purposes (it is expected it should not be used by apps!).Windoze traceroute uses ICMP instead of UDP though.Both methods are working anyway.

I'm not including any DDoS usable feature with aMule.

Argh, instead of posting such things please, take a look on how UDP ping is implemented in the mods.It is actually some sort of adapted traceroute and you're choosing "windows-like" ICMP pinging vs "*nix-like" UDP pinging.There is no central point to ping, so nobody will be ddosed except some closest router(s) which will have to pass all your traffic anyway as their day-to-day job so it is hardly can be called a DDoS.For example in MorphXT these files named Pinger.cpp and Pinger.h, there is some windows-specific crap but you can get rid of it.And well, it is good idea to keep this feature switched off by default.Extra overhead suxx anyway so this should be only enabled someone only if he really needs to.Some channels do not have troubles with high ping when saturated -- no need to send extra data without a reason.

Note:actually things a bit more complex than I explained, take a look on mentioned sources.You may like search through source with "SpeedSense" phrase.

So, UDP ping: not an option.

Since UDP pinging requires nothing special from remote hosts and actually nobody is ddosed, maybe you can take a closer look on it?

Roudtrip times: laaaaaaaaaaaaaame. The depend on the other end response, on routing, on the congestion on the network, and a million different parameters. Not an option. Not to mention they would and an infinite amount of complexity to the code, for no gain.

Yes, it does not works very well (only when you have enough peers and still may be inaccurate and still a bit slow with bandwith control reaction speed).But better than no bandwith management at all.About infinite amount...if modders did implemented it, it is surely not infinite.

So, roundtrip times: not an option.

It is an option but worse than "real" ping.And this is increadible technique since no any extra data is being sent.

Total results: no options.

Hey, maybe take a look on option closer before making such conclusions?Except case when you're not willing to implement it for non-technical reasons.Of course you do not must to do anything users asking for.But you do not have to argue this by technical impossibility when there is such possibility and bunch of eMule mods implements these "impossible" techniques.

Current work: The kernel notifies aMule when there is free bandwith to send data. aMule sends it, up till the kernel says that the line is busy. Then it stops till the kernel notifies it again that there is free bandwith.

When there is more than one machine, kernel has no idea how much traffic goes from other machines.This leads to complete channel saturation.Ping getting pretty high.Web browsing getting slower than on dial-up since you have to send HTTP GET requests first and only then will have a responce and once round-trip time is big (since upload channel is saturated) round-trip time is big.Using traffic shaper helps a bit but as I mentioned, shaper works quite poorly with 256Kbit upload channel.

That's quite optimal imho.

As for me, it looks like completely unoptimal for my channel when co-operating with other software and there is no real options to tweak this behavior today.Setting speeds lower before you're about to browse web by hands definitely suxx.Especially if more than one user in the home are using internet.It is pain in the ass to bother someone "please, reduce your aMule bandwith!I'm wanna to browse web!I need upload file!".

[Kry]

... you just refuse to see what I type.

There is no point in explaining you things, because you see them your way, period.

Let me add that your point was that users without knowledge should be able to do this, yet you acknowledge that setuid can't be enabled by default, and that UDP ping can't be enabled by default. so no advantage for common users. For you, maybe, but then again, advanced users should know how to trafic shape their network.

Is not that I don't want to implement it, is that there is no point on implementing it. And you fall on inaccuracies and wrong statements, and defend the mods for doing what they do. Well know what, there is a reason mods do some things... and official eMule doesn't. They are 99% good reasons, and 1% lack of time.

[FreeToGo]

Thank u Vollstrecker, I eventually understand what I have misunderstood. I see it no harm to call the ping binary inside amule while they are talking about implementing ping inside amule.

Pardon me for mistaking Kry's argument. I am convinced that Kry has a good reason to decline the request to implement ping inside amule.

1. Call the ping binary you have installed. You would have another dependency and have to have an option to choose where it resides. Not good, but for me the way I hate less than the others.

[Lame_azz]

... you just refuse to see what I type.

No, I'm not.Maybe I just read some parts not very carefully at very most.But you doing exactly same, isn't it?

There is no point in explaining you things, because you see them your way, period.

As for me, please sorry, but it looks like you simply fail to provide any strong technical reasons to prove that implementation is not worth and that there is any real technical reasons against it.Instead, you're reverting to hardcoded "you are an idiot" position - kinda standard people behavior when there is no real technical arguments left.I can't understand this.

As for me, after some hours of googling, learning a dozen of eMule and unix sockets sources, getting idea what was implemented in eMule pinger, RTFMing, etc I can say that it looks like there is an option to implement what eMule calls "UDP ping", for example, without any major headaches.This not requires root at all, you have just to create usual UDP socket, send packet to non existing port, get reject and measure time between packet send and error returned.Surely impossible.But implemented in mods... er, wait!What? Pinger is also implemented in aMule 0.47c itself.What a funny discovery 

So, excuse but it looks like you just already decided for whatever reasons "it will not be implemented" and trying to use any reason to prove it.This seems to fail though, so you're sticking to "you're an idiot" conversation style without even bothering yourself to prove your words.

Let me add that your point was that users without knowledge should be able to do this,

Prove your words please, instead of just personal attacking me.Where I did mentioned this point?At very most you misunderstood something since English is not my native language so I maybe constructed sentence in poor manner.Can you quote sentence where I asked this?

As for me, I'm thinking ping should be used only somewhat skilled users who at least has idea what is is and how this will work.This required, since you have to set up ping tolerance times according to channel capabilities.

yet you acknowledge that setuid can't be enabled by default, and that UDP ping can't be enabled by default.

Yes, launching as root by default is BAD idea since this only required for some users and potentially a bit less safe.And pinging everything by default is bad idea as well since not each channel needs this and this adds some (small but still existing) overhead.

If you think that I made statement which contradicts to these words, you have to prove it.Please, give me a quote where I insisted you should run aMule as root BY DEFAULT or where I insisted that ping should be on BY DEFAULT.I gust admitted it is a good idea to have these options.Everything else is on your own, I did not told these options should be DEFAULT ones.

so no advantage for common users. For you, maybe, but then again, advanced users should know how to trafic shape their network.

Well, then, maybe you will be kind enough to tell why official eMule 0.47c is implementing these techniques?Or you will just stick to "you're an idiot" tactic again to skip commenting on this?

Is not that I don't want to implement it,

Are you sure?Really?As for me, it looks like you're just trying to find technical reasons for a 2 days.And when this fails (since I'm being an asshole and offering things which are definitely possible to implement from technical side) you're sticking to "you're an idiot" argument due to lack of another arguments.This isn't funny.

is that there is no point on implementing it.

Argh, come on, tell us, why official eMule did implemented this feature then.Yes, I was forced to grab eMule 0.47c source, take a look and yes, there is such feature in Extended options.But for Kry "there is no point" to implement it.I'm asking "why"?And getting answer "because you're an idiot".I'm like such discussions, yep 

And you fall on inaccuracies and wrong statements, and defend the mods for doing what they do.

If we are about to talk about accurate statements, then come on, grab official eMule 0.47c sources (and if you have Windoze box, binary as well) and take a look on them.There is these pinging options, they once were adopted from some mod.Now these features are official so asking to port them is at least reasonable.Now, you can't say any longer that I'm asking to tweaks intended just for my channel only, I guess.So, what about inaccurate and wrong statements?Are your statements 100% accurate, correct, etc so you're beating me whole 2 days like a hell?Or you're attacking first, beating for 2 days and only then evaluating if you're really right with these actions?

Well know what, there is a reason mods do some things...

For sure.They're experimenting.And sometimes manage to make things better.If improvement is really worth, it sometimes implemented in "mainline" official eMule.

and official eMule doesn't.

But it does!And please, do not tell "you're an idiot" once more.I'm already aware of your opinition about my lame ass - no need to repeat this statement (you can try to prove your statement ... if you can ).

They are 99% good reasons, and 1% lack of time.

But features I'm talking about is not a case.They were backported to official eMule.Just grab a source and look yourself (Pinger.cpp and Pinger.h is a goot point to start).Then, we can talk about accurate statements a bit more, if you wish.

[Kry]

... look

I never called you an idiot.

Yet you say I do.

So I will do it now.

You're an idiot.

You're a fucking idiot. A fucking deaf idiot.

If you're going to use UDP ping, WHICH HOST ARE YOU PLANNING TO PING?

WILL YOU RESPOND TO THAT?

FUCKING IDIOT?

Maybe caps are more your style.

[Lame_azz]

I never called you an idiot.

Not important, duh.

Yet you say I do.

You not directly did this, but well, overall conversation style from your side was intended to show me exactly this phrase, isn't it?

You're a fucking idiot. A fucking deaf idiot.

Why bother yourself telling me your opinition about me again and again?I'm already aware of it for a while thanks to your conversation style.

If you're going to use UDP ping, WHICH HOST ARE YOU PLANNING TO PING?

Read the source, Luke .You will not read my answer on this anyway so typing it seems to be waste of time.

P.S. you skipped all "uncomfortable" questions.So, discussion is getting boring.I'm probably about to stop bothering here since discussions around "idiot" word isn't damn interesting for me anyway.

[Kry]

*SIGH*

The only one avoiding a question is you.

And it's a good damn question, at that.

So answer it.

(P.S: The eMule implementation uses ICMP. Never think I don't know what I'm talking about. We can't use ICMP as stated above, like it or not. That's why I ask questions about *UDP* which is NOT on eMule.)

(P.P.S: Idiot)