Why are executables on Linux allowed to have a bit set to hand them root privs when exec'd? Because fuck you, that's why.
Caps are just as bad, false sense of security @ cost of major complexity. Most yield root-like power easily.
-
-
I'll agree 2/3rds of them being far too powerful but it mostly pisses me off that I need root to bind SOCK_RAW.
-
Recent Linux has SOCK_DGRAM ICMP support. Does that help?
-
Otherwise, a persistent tun/tap device with right chmod can be used to let users generate raw packets.
-
presumably after level 2 bridging to your eth device?
-
Or routing, depending on your needs.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.