Indeed setuid looks very much like a kludge
> For instance, imagine if ping, instead of being setuid, called into dbus to load a helper daemon,...
This looks like PolicyKit. Another setuid killer is setcap:
chmod u-s /bin/ping
setcap 'CAP_NET_RAW+ep' /bin/ping
Et voilà, all these LD_AUDIT holes are plugged without even upgrading glibc. Correct? If yes, why isn't ping installed like this by default?
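A way to check what a binary installed with the chmod/setcap pair above actually runs with, as an added example that is not part of the comment or of any project's code. It reads the effective capability mask from /proc/self/status and the AT_SECURE flag from the auxiliary vector (the flag glibc consults before honouring LD_* variables); the helper names and CAP_NET_RAW_BIT are hypothetical names chosen for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */

/* Extract the CapEff bitmask from /proc/<pid>/status text; 0 on success. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            while (*p == ' ' || *p == '\t') p++;
            if (!isxdigit((unsigned char)*p)) return -1; /* empty field */
            *mask = strtoull(p, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n'); /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if capability number cap is present in mask. */
int cap_is_set(unsigned long long mask, int cap) { return (int)((mask >> cap) & 1ULL); }

/* 1 if mask holds exactly one capability, cap: the setcap outcome,
   as opposed to the full mask a setuid-root binary runs with. */
int only_cap(unsigned long long mask, int cap) { return mask == (1ULL << cap); }

int main(void)
{
    char buf[8192];
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (parse_cap_eff(buf, &eff) != 0) { fputs("no CapEff line\n", stderr); return 1; }
    printf("ruid=%d euid=%d CapEff=%016llx\n", (int)getuid(), (int)geteuid(), eff);
    printf("CAP_NET_RAW held: %d, nothing else held: %d\n",
           cap_is_set(eff, CAP_NET_RAW_BIT), only_cap(eff, CAP_NET_RAW_BIT));
    printf("AT_SECURE=%lu\n", getauxval(AT_SECURE));
    return 0;
}
```

Build it, apply the same chmod u-s / setcap pair to the resulting binary as root, and run it as an ordinary user to compare against a setuid-root copy. The kernel sets AT_SECURE for a binary that gains capabilities from its file attributes as well as for a setuid one, so both copies report AT_SECURE=1 and differ only in euid and CapEff.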
Copyright © 2017, Eklektix, Inc.