On Tue, 16 Dec 2003 13:33:07 -0500
Mark Guertin <guertin@××××××××××××××.com> wrote:

> On 16-Dec-03, at 1:16 PM, Michael Reilly wrote:
>
> >> Well, I can't speak for everyone else, but I certainly find the changes
> >> welcome.
> >
> > I find the change offensive. It is my system and I want the tools I install
> > to work. There is no excuse for someone thinking they can force me to su
> > every time I want to run traceroute. Of course the fix is obvious - chmod
> > 4755 traceroute.
> >
> > Why isn't this a USE option?
>
> a USE option for this doesn't make a lot of sense in my mind .... think
> about it. USE="suid" could be more like USE="hackmenow" ;) The trend
> with security is to eliminate this sort of thing, not to encourage it.

Depends on how you view security and where you want to put your security. I
much prefer an overall solution like selinux or rsbac and to some extent
grsecurity. Making a single or few tools more difficult to use doesn't help
security in the end.

> That said it's easy enough for you to chmod it, so maybe a simple ewarn
> is in order for people that have this concern that they can chmod it if
> they desire, but I agree that by default that less with these
> permissions are better.

A warning would be useful. What I disagree with is someone silently making
tools less useful without letting the person installing the tool and using
the system know what is being done and not allowing an option to retain the
functionality.

michael
>
> cfengine is the good stuff. Works on OSX too in case anyone cares :)

Thanks for the pointer to cfengine - I'll take a look.
>
> Mark
>
>
> --
> gentoo-security@g.o mailing list


--
---- ---- ----
Michael Reilly michaelr@×××××.com
Cisco Systems, Santa Cruz, CA