COMMAND

    ioctl()

SYSTEMS AFFECTED

    BSD

PROBLEM

    If you get  a socket created  by root passed  to a program  as any
    user  you  can  use  socket  ioctl()  calls  to  it.  Things  like
    SIOCSIFFLAGS (to do  stuff like down  the ethernet port).  You can
    get such a socket by several means. One convenient one being  rsh.
    So a quick  program of the  form (this is  intentionally not quite
    right and short includes - the clueless will have to learn  before
    they can compile it).

	void main()
	{
		struct ifreq ifr;
		strcpy(ifr.ifr_name,"hme0");
		ifr.ifr_flags=0;
		ioctl(0, SIOCSIFFLAGS, &ifr);
	}

    run via rsh is a bit unpleasant.