Michael Dwyer@mdwyer@mastodon.social
@FritzAdalis@infosec.exchange
Well, let's be honest: everyone's job there was keeping US-EAST-1 from crashing...
But, yeah I take your point. It is an interesting thought. I'm even seriously mulling the kernel idea. Is there a minimal stub you could put in the kernel and leave all the scary stuff in user space?
This wouldn't help the BSD case at all, of course.
But that same minimal stub could be the portion you run as root.
Does PING still require setuid?
Fritz Adalis@FritzAdalis@infosec.exchange
@mdwyer@mastodon.social
Looks like on OpenBSD it is, but it opens the raw socket and drops privs to the calling user, plus pledge and unveil.