Gentoo Archives: gentoo-security

From: Michael Reilly <michaelr@×××××.com>
To: James Dennis <james@×××××××××××××.com>
Cc: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 16:25:04
Message-Id: 20031216142352.5abfafda.michaelr@cisco.com
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by James Dennis
This is a worthwhile discussion.  Trying to censor/supress it is not
productive.

michael
On Tue, 16 Dec 2003 15:25:09 -0500
James Dennis <james@×××××××××××××.com> wrote:

> This whole discussion is getting ridiculous. Gentoo is clearly looking > to make a more secure _default_ install. You only have to su everytime > if you're too lazy to use chmod... which was already mentioned... so > how about we agree it's moot? > -James > > On Tuesday, December 16, 2003, at 01:16 PM, Michael Reilly wrote: > > > On Tue, 16 Dec 2003 12:18:42 -0500 > > Kurt Lieber <klieber@g.o> wrote: > > > >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen > >> wrote: > >>> Am I the only one that finds the newest changes to traceroute nothing > >>> but a large inconvenience? > >> > >> Well, I can't speak for everyone else, but I certainly find the > >> changes > >> welcome. > > > > I find the change offensive. It is my system and I want the tools I > > install > > to work. There is no excuse for someone thinking they can force me to > > su > > every time I want to run traceroute. Of course the fix is obvious - > > chmod > > 4755 traceroute. > > > > Why isn't this a USE option? > > > > I do hope the new traceroute works when set suid unlike another "tool" > > in > > common use for looking at network traffic which refuses to run when > > set suid > > - I have not tried it yet. > > > > michael > >> > >>> As near as I can figure, if I install traceroute, I want to use it, > >>> not > >>> muck with permissions or su - everytime I care to do some network > >>> analyzation. > >> > >> This is going to sound inflammatory, but I truly don't mean it as > >> such. > >> That said, this is the mentality that caused Microsoft so many > >> problems > >> with their products over the year. They made a conscious decision > >> that > >> usability concerns would (almost) always trump security concerns. > >> That > >> led to lovely things like new shares having "Anyone/Full Control" > >> permissions by default. > >> > >> At least on my servers, the only people I want using tools like > >> traceroute/tracepath are those folks who are responsbible for > >> administering them. Those are the same people who have root access > >> on the > >> server, so requiring them to type 'sudo' in front of the command isn't > >> overly burdensome, imo. > >> > >> --kurt > >> > > > > > > -- > > ---- ---- ---- > > Michael Reilly michaelr@×××××.com > > Cisco Systems, Santa Cruz, CA > > > > -- > > gentoo-security@g.o mailing list > > > > > > > -- > gentoo-security@g.o mailing list
-- ---- ---- ---- Michael Reilly michaelr@×××××.com Cisco Systems, Santa Cruz, CA -- gentoo-security@g.o mailing list