Gentoo Archives: gentoo-security

From: James Dennis <james@×××××××××××××.com>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 14:25:10
Message-Id: F1DF78B7-3005-11D8-B4D5-000A958C5792@firstaidmusic.com
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Michael Reilly
This whole discussion is getting ridiculous. Gentoo is clearly looking 
to make a more secure _default_ install. You only have to su everytime 
if you're too lazy to use chmod... which was already mentioned... so 
how about we agree it's moot?
-James

On Tuesday, December 16, 2003, at 01:16  PM, Michael Reilly wrote:

> On Tue, 16 Dec 2003 12:18:42 -0500 > Kurt Lieber <klieber@g.o> wrote: > >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen >> wrote: >>> Am I the only one that finds the newest changes to traceroute nothing >>> but a large inconvenience? >> >> Well, I can't speak for everyone else, but I certainly find the >> changes >> welcome. > > I find the change offensive. It is my system and I want the tools I > install > to work. There is no excuse for someone thinking they can force me to > su > every time I want to run traceroute. Of course the fix is obvious - > chmod > 4755 traceroute. > > Why isn't this a USE option? > > I do hope the new traceroute works when set suid unlike another "tool" > in > common use for looking at network traffic which refuses to run when > set suid > - I have not tried it yet. > > michael >> >>> As near as I can figure, if I install traceroute, I want to use it, >>> not >>> muck with permissions or su - everytime I care to do some network >>> analyzation. >> >> This is going to sound inflammatory, but I truly don't mean it as >> such. >> That said, this is the mentality that caused Microsoft so many >> problems >> with their products over the year. They made a conscious decision >> that >> usability concerns would (almost) always trump security concerns. >> That >> led to lovely things like new shares having "Anyone/Full Control" >> permissions by default. >> >> At least on my servers, the only people I want using tools like >> traceroute/tracepath are those folks who are responsbible for >> administering them. Those are the same people who have root access >> on the >> server, so requiring them to type 'sudo' in front of the command isn't >> overly burdensome, imo. >> >> --kurt >> > > > -- > ---- ---- ---- > Michael Reilly michaelr@×××××.com > Cisco Systems, Santa Cruz, CA > > -- > gentoo-security@g.o mailing list > >
-- gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Michael Reilly <michaelr@×××××.com>
Re: [gentoo-security] Changes to traceroute in newest release David Olsen <lude@××××××××××.com>