Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]

Dan Hain (Work) Daniel.Hain at sun.com
Wed Feb 27 20:22:04 PST 2008


Scott Rotondo wrote:
> Daniel Hain wrote:
>
>>     Security Impact:
>>
>>     The program uses a raw socket to communicate and requires root access
>>     (geteuid() == 0).
>>
>
> 1. Of course, you really mean that it requires sufficient privilege to 
> use a raw socket. Please confirm that there will be no geteuid() == 0 
> check in the code.
Yes, it requires sufficient privilege to use a raw socket.  The actual 
line is "if( geteuid() )", so it's not good.  The goal was to minimize 
the changes to the open source; however, if that is not an option here, I 
can make the changes that are needed.
>
> 2. If the program is only usable by a privileged user, might it belong 
> in /usr/sbin instead of /usr/bin?
I think that is more appropriate.


Thanks,

Dan
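
Added example, not part of the original message and not fping's own code: one way to replace an "if( geteuid() )" test is to request the raw ICMP socket and act on the kernel's answer, so a non-root user holding only the needed privilege (net_icmpaccess on Solaris) is not turned away. The function names and the setuid-install case are assumptions made for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum raw_status { RAW_OK, RAW_NO_PRIVILEGE, RAW_OTHER_ERROR };

/* Map the outcome of socket() to a decision. Only EPERM/EACCES mean
 * "insufficient privilege"; anything else is a different failure. */
enum raw_status classify_raw_result(int fd, int err)
{
    if (fd >= 0)
        return RAW_OK;
    if (err == EPERM || err == EACCES)
        return RAW_NO_PRIVILEGE;
    return RAW_OTHER_ERROR;
}

/* Ask the kernel for the raw ICMP socket instead of testing geteuid().
 * Succeeds for root and for any user granted just the raw-socket
 * privilege; the uid is never inspected. */
int open_icmp_socket(int *err_out)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    *err_out = (fd < 0) ? errno : 0;
    return fd;
}

int main(void)
{
    int err;
    int fd = open_icmp_socket(&err);
    switch (classify_raw_result(fd, err)) {
    case RAW_NO_PRIVILEGE:
        fprintf(stderr, "insufficient privilege for a raw ICMP socket\n");
        return 1;
    case RAW_OTHER_ERROR:
        fprintf(stderr, "socket: %s\n", strerror(err));
        return 1;
    case RAW_OK:
        break;
    }
    /* Assumption: if the binary is installed setuid, give up the extra
     * uid as soon as the socket exists. No-op for an ordinary user. */
    if (setuid(getuid()) != 0) { perror("setuid"); return 1; }
    close(fd);
    return 0;
}
```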