Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
Gary Winiger
gww at eng.sun.com
Mon Mar 3 11:55:24 PST 2008
> Security Impact:
>
> The original code base used a raw socket to communicate and
> required root
> access (geteuid() == 0). This has been modified to call
> priv_ineffect(PRIV_NET_ICMPACCESS)
> All uses of geteuid/getuid/seteuid have been compiled out.
I'm not sure what is being said here. If the code is checking
that it inherits net_icmpaccess, it shouldn't. It should just
make the system calls. If they fail, give a diagnostic and exit.
Gary..
P.S. nit. The updated man page says net_rawaccess. Indeed the whole
RESTRICTIONS section should read:
Successful execution of this program requires that it be granted
the net_icmpaccess privilege.
Also add to
SEE ALSO
rbac(5), privileges(5)
More information about the opensolaris-arc
mailing list