According to <hendrik at topoi.pooq.com>:
> On Sat, Dec 29, 2007 at 07:23:15PM -0500, James Knott wrote:
> >
> > Ping is there, but you have to be root to use it.
>
> That's bizarre. What security implications are there in ping that would
> mean it has to be run only by root? Forcing people to use root when not
> necessary is itself a security problem.
Ping is root-only not because the actual ping function is a security
issue, but because you have to open a raw socket to send ICMP packets,
which *is* a security issue. Making ping suidroot is a reasonable
solution, but not when it's a link to busybox.
Steve
--
Steve Greenland
The irony is that Bill Gates claims to be making a stable operating
system and Linus Torvalds claims to be trying to take over the
world. -- seen on the net
