Stuart Henderson <s...@spacehopper.org> wrote: > On 2020/12/15 16:33, Theo de Raadt wrote: > > Jan Klemkow <j.klem...@wemelug.de> wrote: > > > > > On Tue, Dec 15, 2020 at 03:43:38PM -0700, Theo de Raadt wrote: > > > > Jan Klemkow <j.klem...@wemelug.de> wrote: > > > > > > > > > for frequent performance test it would be nice to just start tcpbench > > > > > as a regular service. tcpbench gets an extra user and group with this > > > > > diff and is already pledged to "stdio". Thus, there should be no > > > > > security risk to do this even in hostile environments. > > > > > > > > You're kidding me. If someone starts this in a hostile environment, > > > > their > > > > network/host will be flattened. > > > > > > You are right, someone can use this, to flood a link. But, you can > > > flood someones link with traffic anyway, as botnets do it, or? > > > > It is not the same at all, because tcpbench will attempt to flow maximum > > traffic in both directions. No other service has that behaviour. > > > > -s just throws the packets away, it does not transmit
Regardless, I still don't think it makes any sense placing a debugging feature into the hands of people who don't know what they are doing.
