[PATCH] ping: try SOCK_DGRAM if no root privileges
Laurent Bercot
ska-dietlibc at skarnet.org
Fri Jan 10 21:33:56 UTC 2014
On 2014-01-10 19:27, Rich Felker wrote:
> Note that this kind of approach STILL does not protect you from
> vulnerabilities in the dynamic linker (avoiding them would require
> making both the wrapper and busybox binary static-linked)
Which is the case for me.
> or libc startup code (inevitable).
I'm using musl, it looked like a good, paranoid libc; maybe I was
lied to ? :-O
> [dangers of suid]
> This is why I want to see a ping that works without suid.
So do I. I also want to write a simple user database backend (with
its own getpwent() implementation) so that passwd doesn't need to
be setuid root. And a Unix-socket-based "su" daemon with credential
passing, and terminal passing too. And rewrite qmail-queue as a
Unix-socket-based daemon. And a non-setuid traceroute. And a pony.
In the meantime, I also want a usable, working system. As Denys
noted, cleansing the existing codebase of setuid is an energy- and
time-consuming practice; in the name of good compromise between
practicality and security, I will still use the setuid binaries I need
until I've replaced them (or, better, until you and John have done all
the hard work for me), while making sure privileges are only gained
when they are strictly required.
--
Laurent
More information about the busybox
mailing list