|
|
|
|
|
|
by mcpherrinm
1251 days ago
|
|
|
Fortunately these days programs like ping can use more focused alternatives to setuid, like CAP_NET_RAW, to greatly reduce attack surface. But also we’ve largely given up on Unix users as a security barrier in many places, instead using things like VMs as the interface between different tenants in hosting providers and clouds and such. The age of untrusted shell accounts shared Unix servers is ending, if not over already. Passwordless sudo on a cloud VM is probably the norm now. |
|
|