| 1 |
This is a worthwhile discussion. Trying to censor/supress it is not |
| 2 |
productive. |
| 3 |
|
| 4 |
michael |
| 5 |
On Tue, 16 Dec 2003 15:25:09 -0500 |
| 6 |
James Dennis <james@×××××××××××××.com> wrote: |
| 7 |
|
| 8 |
> This whole discussion is getting ridiculous. Gentoo is clearly looking |
| 9 |
> to make a more secure _default_ install. You only have to su everytime |
| 10 |
> if you're too lazy to use chmod... which was already mentioned... so |
| 11 |
> how about we agree it's moot? |
| 12 |
> -James |
| 13 |
> |
| 14 |
> On Tuesday, December 16, 2003, at 01:16 PM, Michael Reilly wrote: |
| 15 |
> |
| 16 |
> > On Tue, 16 Dec 2003 12:18:42 -0500 |
| 17 |
> > Kurt Lieber <klieber@g.o> wrote: |
| 18 |
> > |
| 19 |
> >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen |
| 20 |
> >> wrote: |
| 21 |
> >>> Am I the only one that finds the newest changes to traceroute nothing |
| 22 |
> >>> but a large inconvenience? |
| 23 |
> >> |
| 24 |
> >> Well, I can't speak for everyone else, but I certainly find the |
| 25 |
> >> changes |
| 26 |
> >> welcome. |
| 27 |
> > |
| 28 |
> > I find the change offensive. It is my system and I want the tools I |
| 29 |
> > install |
| 30 |
> > to work. There is no excuse for someone thinking they can force me to |
| 31 |
> > su |
| 32 |
> > every time I want to run traceroute. Of course the fix is obvious - |
| 33 |
> > chmod |
| 34 |
> > 4755 traceroute. |
| 35 |
> > |
| 36 |
> > Why isn't this a USE option? |
| 37 |
> > |
| 38 |
> > I do hope the new traceroute works when set suid unlike another "tool" |
| 39 |
> > in |
| 40 |
> > common use for looking at network traffic which refuses to run when |
| 41 |
> > set suid |
| 42 |
> > - I have not tried it yet. |
| 43 |
> > |
| 44 |
> > michael |
| 45 |
> >> |
| 46 |
> >>> As near as I can figure, if I install traceroute, I want to use it, |
| 47 |
> >>> not |
| 48 |
> >>> muck with permissions or su - everytime I care to do some network |
| 49 |
> >>> analyzation. |
| 50 |
> >> |
| 51 |
> >> This is going to sound inflammatory, but I truly don't mean it as |
| 52 |
> >> such. |
| 53 |
> >> That said, this is the mentality that caused Microsoft so many |
| 54 |
> >> problems |
| 55 |
> >> with their products over the year. They made a conscious decision |
| 56 |
> >> that |
| 57 |
> >> usability concerns would (almost) always trump security concerns. |
| 58 |
> >> That |
| 59 |
> >> led to lovely things like new shares having "Anyone/Full Control" |
| 60 |
> >> permissions by default. |
| 61 |
> >> |
| 62 |
> >> At least on my servers, the only people I want using tools like |
| 63 |
> >> traceroute/tracepath are those folks who are responsbible for |
| 64 |
> >> administering them. Those are the same people who have root access |
| 65 |
> >> on the |
| 66 |
> >> server, so requiring them to type 'sudo' in front of the command isn't |
| 67 |
> >> overly burdensome, imo. |
| 68 |
> >> |
| 69 |
> >> --kurt |
| 70 |
> >> |
| 71 |
> > |
| 72 |
> > |
| 73 |
> > -- |
| 74 |
> > ---- ---- ---- |
| 75 |
> > Michael Reilly michaelr@×××××.com |
| 76 |
> > Cisco Systems, Santa Cruz, CA |
| 77 |
> > |
| 78 |
> > -- |
| 79 |
> > gentoo-security@g.o mailing list |
| 80 |
> > |
| 81 |
> > |
| 82 |
> |
| 83 |
> |
| 84 |
> -- |
| 85 |
> gentoo-security@g.o mailing list |
| 86 |
|
| 87 |
|
| 88 |
-- |
| 89 |
---- ---- ---- |
| 90 |
Michael Reilly michaelr@×××××.com |
| 91 |
Cisco Systems, Santa Cruz, CA |
| 92 |
|
| 93 |
-- |
| 94 |
gentoo-security@g.o mailing list |
Archives