[PATCH] ping: try SOCK_DGRAM if no root privileges
Rich Felker
dalias at aerifal.cx
Fri Jan 10 01:06:16 UTC 2014
On Thu, Jan 09, 2014 at 08:03:49PM +0100, Denys Vlasenko wrote:
> If you are afraid that ping may have a bug, spend time auditing ping,
> not making it more ugly just because you can make such bug
> impact "only lowly user".
The concern is not that ping may have a bug. The concern is that the
presence of ANY suid binaries on a system vastly increases the risk of
having a vulnerability (even in the dynamic linker, for example, if
the suid program is dynamic-linked). Good policy is not to have any
suids, and even to mount all filesystems with the nosuid option.
The whole point of adding SOCK_DGRAM support to ping is to allow the
use of ping (by non-root users) on such a properly configured system.
Rich
More information about the busybox
mailing list