[PATCH] ping: try SOCK_DGRAM if no root privileges

Laurent Bercot ska-dietlibc at skarnet.org
Thu Jan 9 18:15:45 UTC 2014


> An attacker who only manages to subvert your user account,
> of course, can't get at the precious things like /usr/bin/* files
> and modify or delete them.
>
> He can only read your locally saved emails,
> browser's cache and saved passwords
> of your bank website login.
>
> Oh, wait...

  Eh, I didn't pretend that security holes weren't serious to begin
with. But an attacker who finds a hole in a setuid root binary can
gain access to *every user*'s personal data, and cover his tracks,
and so on. Root exploits are an order of magnitude more problematic,
which doesn't mean that user exploits are fine.

-- 
  Laurent



More information about the busybox mailing list