From: Maciej Żenczykowski
Date: Tue, 24 Sep 2019 16:47:00 +0200
>> Removing this is going to break things, you can't just remove a sysctl
>> because "oh it was a bad idea to add this, sorry."
>
> Yeah, I know... but do you have any other suggestions?
>
> Would you take an alternative to make th
> Removing this is going to break things, you can't just remove a sysctl
> because "oh it was a bad idea to add this, sorry."
Yeah, I know... but do you have any other suggestions?
Would you take an alternative to make the default wide opened?
The current sysctl just doesn't work. It can even p
Removing this is going to break things, you can't just remove a sysctl
because "oh it was a bad idea to add this, sorry."
From: Maciej Żenczykowski
It is high time to make icmp sockets available to all, and thus allow
utilities like ping, ping6, traceroute and others to not require suid
root nor file system (or otherwise gained) CAP_NET_RAW privs.
While in the past there have been a number of exploits, extensive
sy
