Den 01/10/2012 kl. 13.08 skrev Konstantin Belousov <[email protected]>: > > I do not believe in the dreadful 'flood ping' security breach. Is a > local escalation possible with non-dropped root ?
No idea. Reading the code, I see some functionality the author decided should only be accessible to root users. There's 600 lines of code left in main() and I'm not skilled enough to see if there are any potential exploits left. If it's not a security breach then I'm on the wrong list, but I guess it still leads to unintended behavior if setuid() fails? Erik_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
