diff options
author | deraadt <deraadt@openbsd.org> | 2015-10-03 00:44:37 +0000 |
---|---|---|
committer | deraadt <deraadt@openbsd.org> | 2015-10-03 00:44:37 +0000 |
commit | e4ad10c0a60512cd3f6f6a5b1978886ed31dc796 (patch) | |
tree | 56d608dbef68ec2e3891527540006e9950ed0bee /usr.sbin/tcpdump/tcpdump.c | |
parent | Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (along (diff) | |
download | wireguard-openbsd-e4ad10c0a60512cd3f6f6a5b1978886ed31dc796.tar.xz wireguard-openbsd-e4ad10c0a60512cd3f6f6a5b1978886ed31dc796.zip |
ping is a setuid root priv-drop which holds a sockraw. we can tame it
substantially with "stdio inet", plus "dns" if the -n option is missing.
a successful exploit against it then cannot create files, or perform a
variety of other operations, as described in the tame(2) man page.
work with florian a while back
ok doug
Diffstat (limited to 'usr.sbin/tcpdump/tcpdump.c')
0 files changed, 0 insertions, 0 deletions