Gentoo Archives: gentoo-security

From: James Dennis <james@×××××××××××××.com>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 14:25:10
Message-Id: F1DF78B7-3005-11D8-B4D5-000A958C5792@firstaidmusic.com
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Michael Reilly
1 This whole discussion is getting ridiculous. Gentoo is clearly looking
2 to make a more secure _default_ install. You only have to su everytime
3 if you're too lazy to use chmod... which was already mentioned... so
4 how about we agree it's moot?
5 -James
6
7 On Tuesday, December 16, 2003, at 01:16 PM, Michael Reilly wrote:
8
9 > On Tue, 16 Dec 2003 12:18:42 -0500
10 > Kurt Lieber <klieber@g.o> wrote:
11 >
12 >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen
13 >> wrote:
14 >>> Am I the only one that finds the newest changes to traceroute nothing
15 >>> but a large inconvenience?
16 >>
17 >> Well, I can't speak for everyone else, but I certainly find the
18 >> changes
19 >> welcome.
20 >
21 > I find the change offensive. It is my system and I want the tools I
22 > install
23 > to work. There is no excuse for someone thinking they can force me to
24 > su
25 > every time I want to run traceroute. Of course the fix is obvious -
26 > chmod
27 > 4755 traceroute.
28 >
29 > Why isn't this a USE option?
30 >
31 > I do hope the new traceroute works when set suid unlike another "tool"
32 > in
33 > common use for looking at network traffic which refuses to run when
34 > set suid
35 > - I have not tried it yet.
36 >
37 > michael
38 >>
39 >>> As near as I can figure, if I install traceroute, I want to use it,
40 >>> not
41 >>> muck with permissions or su - everytime I care to do some network
42 >>> analyzation.
43 >>
44 >> This is going to sound inflammatory, but I truly don't mean it as
45 >> such.
46 >> That said, this is the mentality that caused Microsoft so many
47 >> problems
48 >> with their products over the year. They made a conscious decision
49 >> that
50 >> usability concerns would (almost) always trump security concerns.
51 >> That
52 >> led to lovely things like new shares having "Anyone/Full Control"
53 >> permissions by default.
54 >>
55 >> At least on my servers, the only people I want using tools like
56 >> traceroute/tracepath are those folks who are responsbible for
57 >> administering them. Those are the same people who have root access
58 >> on the
59 >> server, so requiring them to type 'sudo' in front of the command isn't
60 >> overly burdensome, imo.
61 >>
62 >> --kurt
63 >>
64 >
65 >
66 > --
67 > ---- ---- ----
68 > Michael Reilly michaelr@×××××.com
69 > Cisco Systems, Santa Cruz, CA
70 >
71 > --
72 > gentoo-security@g.o mailing list
73 >
74 >
75
76
77 --
78 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Changes to traceroute in newest release David Olsen <lude@××××××××××.com>
Re: [gentoo-security] Changes to traceroute in newest release Michael Reilly <michaelr@×××××.com>