CVSROOT: /cvs Module name: src Changes by: [email protected] 2015/10/02 18:44:37
Modified files:
sbin/ping : ping.c
Log message:
ping is a setuid root priv-drop which holds a sockraw. we can tame it
substantially with "stdio inet", plus "dns" if the -n option is missing.
a successful exploit against it then cannot create files, or perform a
variety of other operations, as described in the tame(2) man page.
work with florian a while back
ok doug
