oss-sec mailing list archives

Re: xscreensaver package caps gets raw socket

From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Mon, 19 Apr 2021 11:01:54 -0400

On Sat, 17 Apr 2021 at 07:41:15 -0700, Tavis Ormandy wrote:

Oh, I also pitched using popen("/bin/ping" ..), but I think nobody is
really convinced that will work, but I kinda like it :)


On Apr 18, 2021, at 8:25 AM, Simon McVittie <smcv () debian org> wrote:

That's consistent with the principle of least-privilege, and the widely
cited Unix philosophy of having programs that do one thing well.

If you need to gain privileges, then I think that's a much, much better
approach - ideally a new ping-like program that prints a machine-readable
syntax rather than having to screen-scrape human-readable output, but
if that's not available then ping itself is the next best thing.



I agree, running “ping” in a separate process
is FAR better than giving the “main” process
extra permissions it doesn’t actually need.
You’d have to be careful about the parameters sent, but that’s necessary anyway.
I don’t see the problem of calling /bin/ping, that sounds like the right answer.

Scraping is undesirable, but sometimes needed. If this is a common need, a
long-term solution might be to create an option on ping to generate a standard
format that’s easier to machine-parse.

--- David A. Wheeler

Current thread:

xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Tavis Ormandy (Apr 17)
- Re: xscreensaver package caps gets raw socket Érico Nogueira (Apr 18)
  - Re: xscreensaver package caps gets raw socket Solar Designer (Apr 18)
  - Re: xscreensaver package caps gets raw socket Alan Coopersmith (Apr 18)
- Re: xscreensaver package caps gets raw socket Simon McVittie (Apr 18)
  - Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
    - Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
    - Re: xscreensaver package caps gets raw socket David A. Wheeler (Apr 19)
    - Re: xscreensaver package caps gets raw socket Ariadne Conill (Apr 19)
    - Re: xscreensaver package caps gets raw socket Eli Schwartz (Apr 19)
    - Re: xscreensaver package caps gets raw socket Stuart Henderson (Apr 19)
- Re: xscreensaver package caps gets raw socket Solar Designer (Apr 19)
- Re: xscreensaver package caps gets raw socket Salvatore Bonaccorso (Apr 21)