@FritzAdalis@infosec.exchange
@mdwyer@mastodon.social
You were the one that prevented US-EAST-1 from crashing? Nice! My saves are on a much smaller scale.
I'll begrudgingly concede that it needs to generate its own packets so it needs its own stack. I'd still be happier if they limited that priv to just a small subprocess and then dropped it for everything else. And if they did it in a way that wasn't Linux-specific.
@mdwyer@mastodon.social
@FritzAdalis@infosec.exchange
Well, let's be honest: everyone's job there was keeping US-EAST-1 from crashing...
But, yeah, I take your point. It is an interesting thought. I'm even seriously mulling the kernel idea. Is there a minimal stub you could put in the kernel and leave all the scary stuff in user space?
This wouldn't help the BSD case at all, of course.
But that same minimal stub could be the portion you run as root.
Does PING still require setuid?