mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-04-09 06:30:36 +02:00
e5d64e87d4
Ping and ping6 don't need setuid, they can work with cap_net_raw capability only. This means that even if ping or ping6 had a vulnerability that could be used for execution as root, it can't anymore if the program is not setuid. * gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid programs, add ping, ping6 programs with cap_net_raw=ep capabilities Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
68 KiB
68 KiB