Den 01/10/2012 kl. 13.08 skrev Konstantin Belousov = <[email protected]>: >=20 > I do not believe in the dreadful 'flood ping' security breach. Is a > local escalation possible with non-dropped root ? No idea. Reading the code, I see some functionality the author decided = should only be accessible to root users. There's 600 lines of code left = in main() and I'm not skilled enough to see if there are any potential = exploits left. If it's not a security breach then I'm on the wrong list, but I guess it = still leads to unintended behavior if setuid() fails? Erik= _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"