Gentoo Archives: gentoo-security

From: "Patrick Börjesson" <psycho@××××××××.cx>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 15:44:17
Message-Id: 20031216224332.5cfef9bb.psycho@rift.ath.cx
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by David Olsen
1 > > This whole discussion is getting ridiculous. Gentoo is clearly
2 > > looking to make a more secure _default_ install. You only have to su
3 > > everytime if you're too lazy to use chmod... which was already
4 > > mentioned... so how about we agree it's moot?
5 > > -James
6 >
7 > The point was traceroute is _not_ installed by default. An admin
8 > desiring to install this software, in my case, on several hundred
9 > servers, I don't want to have to chmod traceroute on all those boxes,
10 > everytime there's an update to traceoute because of what could be
11 > deemed a poor choice for security.
12 >
13 > I don't see where the discussion has gotten moot or off-track. If
14 > enough of the community wants it back the way it was, I assume Gentoo
15 > developers will respond as such.
16
17 I'd guess that the people that want software installed insecurely by
18 default are a minority among users (or atleast I hope so). Per default
19 most distributions try to minimize the number of applications that are
20 installed suid root, which I hope Gentoo will too.
21 Those that have taken all the security related considerations and still
22 want traceroute installed suid root should either modify the ebuild and
23 stash it in their overlay, or install something like cfengine that
24 sets permissions to their needs.
25
26 Patrick Börjesson
27
28 --
29 Public key ID: 4C5AB0BF
30 Public key available at wwwkeys.pgp.net