On Thu, Jan 09, 2014 at 08:03:49PM +0100, Denys Vlasenko wrote:
> If you are afraid that ping may have a bug, spend time auditing ping,
> not making it more ugly just because you can make such bug
> impact "only lowly user".

The concern is not that ping may have a bug. The concern is that the presence of ANY suid binaries on a system vastly increases the risk of having a vulnerability (even in the dynamic linker, for example, if the suid program is dynamic-linked). Good policy is not to have any suids, and even to mount all filesystems with the nosuid option. The whole point of adding SOCK_DGRAM support to ping is to allow the use of ping (by non-root users) on such a properly configured system.

Rich
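
A host audit for the policy described in this message, as an added example that is not part of the original e-mail or of BusyBox: it lists setuid files, flags mounts that lack nosuid, and checks whether a gid falls inside net.ipv4.ping_group_range, the Linux sysctl that gates unprivileged ICMP SOCK_DGRAM sockets. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for a "no suid binaries, nosuid mounts,
# unprivileged ping via SOCK_DGRAM" policy. Names are hypothetical.

# List regular files with the setuid bit under directory $1,
# staying on one filesystem.
list_suid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Read a mount table in /proc/mounts format on stdin and print every
# mount point whose option list does not contain the exact option "nosuid".
mounts_missing_nosuid() {
    awk '{
        n = split($4, opts, ",")
        found = 0
        for (i = 1; i <= n; i++) if (opts[i] == "nosuid") found = 1
        if (!found) print $2
    }'
}

# Succeed if gid $2 lies in the "low high" range string $1, the format of
# /proc/sys/net/ipv4/ping_group_range. The kernel default "1 0" is an
# empty range, so no group may open ICMP datagram sockets.
gid_in_ping_range() {
    low=$(printf '%s\n' "$1" | awk '{print $1}')
    high=$(printf '%s\n' "$1" | awk '{print $2}')
    [ "$2" -ge "$low" ] && [ "$2" -le "$high" ]
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

# Demo on the constructed data; on a real host pipe in /proc/mounts and
# pass the contents of /proc/sys/net/ipv4/ping_group_range.
echo "mounts without nosuid:"
sample_mounts | mounts_missing_nosuid
gid_in_ping_range "1 0" 1000 ||
    echo "gid 1000 is outside ping_group_range: ping would need privileges"
```
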
