[PATCH] ping: try SOCK_DGRAM if no root privileges
Denys Vlasenko
vda.linux at googlemail.com
Thu Jan 9 15:17:38 UTC 2014
On Thu, Jan 9, 2014 at 1:35 PM, John Spencer
<maillist-busybox at barfooze.de> wrote:
>> This seems to lead to a significantly larger code.
>>
>> Making ping suid wasn't such a big problem before, so
>> why should we have all these complications now?
>>
>
> making ping suid in the context of busybox basically means "make the entire
> busybox binary suid" and that is definitely a bad idea (an example that
> comes to mind is the wall vulnerability discovered recently).
If you want to use wall applet, you will need to setuid the entire
binary anyway. Having ping applet to not need root privs won't
help one iota in avoiding triggering a bug in other applets (e.g. wall).
The only thing which you save yourself from are possible
undiscovered bugs in ping applet.
A security-paranoid project conceivably would be willing to trade more code
and complexity for added security wrt bugs.
We are size-paranoid project, not security-paranoid one.
If you are concerned about posiible bugs in ping applet, feel free to audit
its code and let me know if you find one.
More information about the busybox
mailing list