On Sun, Dec 30, 2007 at 05:03:42PM +0200, Tuomas Kulve wrote: > hendrik at topoi.pooq.com wrote: > > > That's bizarre. What security implications are there in ping that would > > mean it has to be run only by root? Forcing people to use root when not > > necessary is itself a security problem. > > Ping seems to be setuid root on my debian. So it's run as root here too. There's a big difference between setuid root ahd having to be root. I presume ping can handle its own security issues and ping properly and unobjectionably. But if I have to become root before executing ping, there's a whole load of trouble I can get into by forgetting the stop being root after I've run ping. Not to mention that I might be a know-little user who can't be trusted with full root access. Who might know just enough to get into serious trouble but not enough not to. -- hendrik
