Yesterday, Benjamin Scott gleaned this insight:

>   Well, I guess I got my question answered!
> 
>   I'll follow that up by saying: Why the heck isn't there a safe interface to
> ICMP, so ping doesn't have to be SUID root?  :-)

I'll offer that an SUID program is NOT inherently dangerous.  ping is a
fairly small, uncomplicated program that should, in theory, be easy to
secure from stack smashes and other such nonsense.  A well-designed SUID
program is not a danger.  If it were, all processes run as root would be
inherently dangerous, and you could never manage your system.

Despite this, and as much as I respect Linus, I think the non-executable
stack patch should be incorporated into the kernel proper.  His argument
is something like "adding it is like inviting people to write bad
code, and leaving it out encourages better code."

I think this is unrealistic. Lots of people write code; some good, some
not so good.  No one can analyze every piece of code ever written, and
after all people, we all have a job to do.  So it's inevitable that
someone is going to run code that has buffer overflows, and probably lots
of someones. We should have some protection from this, other than to
simply say "well go write code that works better."

I guess I'll get off my soapbox now... :)

-- 
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin      |  Unix/Linux Geek
[EMAIL PROTECTED]  |  [EMAIL PROTECTED]
------------------------------------------------------

