[PATCH] ping: try SOCK_DGRAM if no root privileges

Denys Vlasenko vda.linux at googlemail.com
Thu Jan 9 19:03:49 UTC 2014


On Thu, Jan 9, 2014 at 7:15 PM, Laurent Bercot <ska-dietlibc at skarnet.org> wrote:
>> An attacker who only manages to subvert your user account,
>> of course, can't get at the precious things like /usr/bin/* files
>> and modify or delete them.
>>
>> He can only read your locally saved emails,
>> browser's cache and saved passwords
>> of your bank website login.
>>
>> Oh, wait...
>
>  Eh, I didn't pretend that security holes weren't serious to begin
> with. But an attacker who finds a hole in a setuid root binary can
> gain access to *every user*'s personal data,

Which often means "the only user of this machine".

> and cover his tracks,
> and so on. Root exploits are an order of magnitude more problematic,
> which doesn't mean that user exploits are fine.

They were an order of magnitude more problematic
when multi-user machines were the norm.

Today, the difference in the level of impact is less pronounced.
That's my point:

It is not logical anymore to see root exploits as orders of magnitude
more dangerous than user-level ones, and spend much more effort
to prevent specifically these exploits from being used.

If you are afraid that ping may have a bug, spend time auditing ping,
not making it more ugly just because you can make such a bug
impact "only a lowly user".

