This is a worthwhile discussion. Trying to censor/supress it is not
On Tue, 16 Dec 2003 15:25:09 -0500
James Dennis <james@...> wrote:
> This whole discussion is getting ridiculous. Gentoo is clearly looking
> to make a more secure _default_ install. You only have to su everytime
> if you're too lazy to use chmod... which was already mentioned... so
> how about we agree it's moot?
> On Tuesday, December 16, 2003, at 01:16 PM, Michael Reilly wrote:
> > On Tue, 16 Dec 2003 12:18:42 -0500
> > Kurt Lieber <email@example.com> wrote:
> >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen
> >> wrote:
> >>> Am I the only one that finds the newest changes to traceroute nothing
> >>> but a large inconvenience?
> >> Well, I can't speak for everyone else, but I certainly find the
> >> changes
> >> welcome.
> > I find the change offensive. It is my system and I want the tools I
> > install
> > to work. There is no excuse for someone thinking they can force me to
> > su
> > every time I want to run traceroute. Of course the fix is obvious -
> > chmod
> > 4755 traceroute.
> > Why isn't this a USE option?
> > I do hope the new traceroute works when set suid unlike another "tool"
> > in
> > common use for looking at network traffic which refuses to run when
> > set suid
> > - I have not tried it yet.
> > michael
> >>> As near as I can figure, if I install traceroute, I want to use it,
> >>> not
> >>> muck with permissions or su - everytime I care to do some network
> >>> analyzation.
> >> This is going to sound inflammatory, but I truly don't mean it as
> >> such.
> >> That said, this is the mentality that caused Microsoft so many
> >> problems
> >> with their products over the year. They made a conscious decision
> >> that
> >> usability concerns would (almost) always trump security concerns.
> >> That
> >> led to lovely things like new shares having "Anyone/Full Control"
> >> permissions by default.
> >> At least on my servers, the only people I want using tools like
> >> traceroute/tracepath are those folks who are responsbible for
> >> administering them. Those are the same people who have root access
> >> on the
> >> server, so requiring them to type 'sudo' in front of the command isn't
> >> overly burdensome, imo.
> >> --kurt
> > --
> > ---- ---- ----
> > Michael Reilly michaelr@...
> > Cisco Systems, Santa Cruz, CA
> > --
> > firstname.lastname@example.org mailing list
> email@example.com mailing list
---- ---- ----
Michael Reilly michaelr@...
Cisco Systems, Santa Cruz, CA
firstname.lastname@example.org mailing list