>Using systrace, ping can run without any privileges and a policy
>like

> netbsd-socket: sockdom eq "AF_INET" and socktype eq "SOCK_RAW" then \
> permit as root

I'm not familiar with systrace, but I _hope_ the policy can be more 
specific than that? 
The above looks like it would allow any program to open raw sockets
"as root".  Just what I'd need if wanting to run rawpkt or whatever to
spew fordged packets into the net ;-)

Thanks
--sjg