Gentoo Archives: gentoo-security

From: Michael Reilly <michaelr@×××××.com>
To: Jesse <ras1@××××××××××××.com>
Cc: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 16:28:31
Message-Id: 20031216142723.7a906d9a.michaelr@cisco.com
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Jesse
cfengine looks like a good solution.

Part of the problem is that this was not done publicly.  Some people did not
discover the change until tcpdump suddenly stopped working.  (No flames
about not reading the changelogs, please.)

michael
On Tue, 16 Dec 2003 14:03:40 -0800
Jesse <ras1@××××××××××××.com> wrote:

> On Tue, 2003-12-16 at 12:47, David Olsen wrote: > > On 2003-12-16 at 15:25:09, James Dennis <james@×××××××××××××.com> wrote: > > > This whole discussion is getting ridiculous. > > I agree here... > > > The point was traceroute is _not_ installed by default. An admin > > desiring to install this software, in my case, on several hundred > > servers, I don't want to have to chmod traceroute on all those boxes, > > everytime there's an update to traceoute because of what could be deemed > > a poor choice for security. > > Use cfengine as pointed out earlier, or write a script to do this... > This is not really a big issue. > > > If enough of the community wants it back the way it was, I assume Gentoo > > developers will respond as such. > > Seems like this is not the case here. > > --ras > > > > > -- > gentoo-security@g.o mailing list
-- ---- ---- ---- Michael Reilly michaelr@×××××.com Cisco Systems, Santa Cruz, CA -- gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Adam Bisaro <adbisaro@×××××.edu>