This is a discussion on Re: drop privileges to nobody is pinging as root within the mailing.openbsd.tech forums, part of the OpenBSD category.
> IIRC OpenBSD usually uses separate users for each app that drops/separates
> privileges. So a consequential implementation would use a user _ping
> instead of reusing nobody in a questionable way. But of course the
> question is valid whether that's worthwhile compared to the theoretical
> risk (low under OpenBSD anyway) that root runs ping and the other host
> could exploit it using crafted response packets.

You have not understood the difference between priv-revocation and priv-separation. Your diff does not help anything.