ping is a setuid root priv-drop which holds a sockraw. we can tame it - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	deraadt <deraadt@openbsd.org>	2015-10-03 00:44:37 +0000
committer	deraadt <deraadt@openbsd.org>	2015-10-03 00:44:37 +0000
commit	e4ad10c0a60512cd3f6f6a5b1978886ed31dc796 (patch)
tree	56d608dbef68ec2e3891527540006e9950ed0bee /usr.sbin/tcpdump/tcpdump.c
parent	Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (along (diff)
download	wireguard-openbsd-e4ad10c0a60512cd3f6f6a5b1978886ed31dc796.tar.xz wireguard-openbsd-e4ad10c0a60512cd3f6f6a5b1978886ed31dc796.zip

ping is a setuid root priv-drop which holds a sockraw. we can tame it

substantially with "stdio inet", plus "dns" if the -n option is missing. a successful exploit against it then cannot create files, or perform a variety of other operations, as described in the tame(2) man page. work with florian a while back ok doug

Diffstat (limited to 'usr.sbin/tcpdump/tcpdump.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: