Den 01/10/2012 kl. 13.08 skrev Konstantin Belousov = <kostikbel@gmail.com>: >=20 > I do not believe in the dreadful 'flood ping' security breach. Is a > local escalation possible with non-dropped root ? No idea. Reading the code, I see some functionality the author decided = should only be accessible to root users. There's 600 lines of code left = in main() and I'm not skilled enough to see if there are any potential = exploits left. If it's not a security breach then I'm on the wrong list, but I guess it = still leads to unintended behavior if setuid() fails? Erik= _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"