Integrate fping into Solaris [PSARC/2008/160 FastTrack timeout 03/05/2008]
Scott Rotondo
scott.rotondo at sun.com
Mon Mar 3 14:27:16 PST 2008
Gary Winiger wrote:
>> Security Impact:
>>
>> The original code base used a raw socket to communicate and required
>> root access (geteuid() == 0). This has been modified to call
>> priv_ineffect(PRIV_NET_ICMPACCESS).
>> All uses of geteuid/getuid/seteuid have been compiled out.
>
> I'm not sure what is being said here. If the code is checking
> that it inherits net_icmpaccess, it shouldn't. It should just
> make the system calls. If they fail, give a diagnostic and exit.

Indeed. Sorry if my previous comment was unclear on this point.

The man page should document the required privileges, but the code
should just assume it has the necessary privileges, make the system
calls, and report the errors that occur.

Scott
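
The pattern recommended in this message, as an added example that is not part of the original e-mail or the fping source: open the raw ICMP socket with no geteuid() or priv_ineffect() pre-check and let the kernel's answer drive the diagnostic. The function names and message wording are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Turn the errno from a failed socket() into a diagnostic for the user.
 * Permission failures (EACCES or EPERM, depending on the platform) name
 * the privilege that the man page documents. */
const char *icmp_socket_diag(int err, char *buf, size_t len)
{
    if (err == EACCES || err == EPERM)
        snprintf(buf, len, "cannot open raw ICMP socket: %s "
                 "(requires the net_icmpaccess privilege)", strerror(err));
    else
        snprintf(buf, len, "cannot open raw ICMP socket: %s", strerror(err));
    return buf;
}

/* No privilege or uid check up front: just make the system call.
 * Returns the descriptor, or -1 with the diagnostic left in buf. */
int open_icmp_socket(char *buf, size_t len)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) {
        icmp_socket_diag(errno, buf, len);
        return -1;
    }
    buf[0] = '\0';
    return fd;
}

int main(void)
{
    char msg[160];
    int fd = open_icmp_socket(msg, sizeof msg);
    if (fd < 0) {
        fprintf(stderr, "fping: %s\n", msg);  /* report and exit */
        return 1;
    }
    close(fd);
    return 0;
}
```

Because the kernel is the only authority consulted, the program keeps working if the privilege model changes and never refuses to run when the call would in fact have succeeded.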