Kev wrote:
> >According to the ping.c source code, one of the bugs is that:
> > This program has to run SUID to ROOT to access the ICMP socket.
> >
> >Presumably if REBOL were to implement ICMP, the same condition
> >would apply. There *could* be some security issues there.
Russ wrote:
> Interesting... under Linux (my only contact with Unix-like O/S) one need not
> be SU to ping. hmmm...
Right, but if you check the permissions of the ping binary, you'll
find:
-r-sr-xr-x 1 root bin 17328 Sep 30 1998 ping* [Linux]
-r-sr-xr-x 1 root bin 139264 Jul 28 15:09 ping* [FreeBSD]
-rwsr-xr-x 1 root 16446 Oct 14 1994 ping [SunOS414]
^
Note that the SUID bit is set, so that when the program is executed
(by anyone) it effectively runs as the root user with full root
permissions. If REBOL were installed with the SUID bit set, it too
could access the ICMP socket, but then any script run would be run
with full root access on the server. *That* would be a huge
potential security problem.
Kev
------------------------------------------------------------------------
Kevin McKinnon, System Administrator/Chief Engineer [EMAIL PROTECTED]
Interactive Netcasting Systems, Inc. http://www.insinc.ca
"If God meant man to fly, He'd have given him more money."
PGP Public Key: http://www.dockmaster.net/pgp.html PGP 6.0 www.pgp.com
