Why are executables on Linux allowed to have a bit set to hand them root privs when exec'd? Because fuck you, that's why.
-
-
Replying to @RichFelker @SwiftOnSecurity
IMO that's b/c there's no fine-grained way to grant privs. capget()/capset() only since Linux 2.2 & nonportable
2 replies 0 retweets 0 likes -
Replying to @bofh453 @SwiftOnSecurity
Caps are just as bad, false sense of security @ cost of major complexity. Most yield root-like power easily.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @SwiftOnSecurity
I'll agree 2/3rds of them being far too powerful but it mostly pisses me off that I need root to bind SOCK_RAW.
1 reply 0 retweets 0 likes -
Replying to @bofh453 @SwiftOnSecurity
Recent Linux has SOCK_DGRAM ICMP support. Does that help?
2 replies 0 retweets 0 likes -
Otherwise, a persistent tun/tap device with right chmod can be used to let users generate raw packets.
2 replies 0 retweets 2 likes -
Replying to @RichFelker @bofh453
presumably after level 2 bridging to your eth device?
1 reply 0 retweets 1 like
Or routing, depending on your needs.
3:53 PM - 1 Mar 2017
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.