1 |
This is a worthwhile discussion. Trying to censor/supress it is not |
2 |
productive. |
3 |
|
4 |
michael |
5 |
On Tue, 16 Dec 2003 15:25:09 -0500 |
6 |
James Dennis <james@×××××××××××××.com> wrote: |
7 |
|
8 |
> This whole discussion is getting ridiculous. Gentoo is clearly looking |
9 |
> to make a more secure _default_ install. You only have to su everytime |
10 |
> if you're too lazy to use chmod... which was already mentioned... so |
11 |
> how about we agree it's moot? |
12 |
> -James |
13 |
> |
14 |
> On Tuesday, December 16, 2003, at 01:16 PM, Michael Reilly wrote: |
15 |
> |
16 |
> > On Tue, 16 Dec 2003 12:18:42 -0500 |
17 |
> > Kurt Lieber <klieber@g.o> wrote: |
18 |
> > |
19 |
> >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen |
20 |
> >> wrote: |
21 |
> >>> Am I the only one that finds the newest changes to traceroute nothing |
22 |
> >>> but a large inconvenience? |
23 |
> >> |
24 |
> >> Well, I can't speak for everyone else, but I certainly find the |
25 |
> >> changes |
26 |
> >> welcome. |
27 |
> > |
28 |
> > I find the change offensive. It is my system and I want the tools I |
29 |
> > install |
30 |
> > to work. There is no excuse for someone thinking they can force me to |
31 |
> > su |
32 |
> > every time I want to run traceroute. Of course the fix is obvious - |
33 |
> > chmod |
34 |
> > 4755 traceroute. |
35 |
> > |
36 |
> > Why isn't this a USE option? |
37 |
> > |
38 |
> > I do hope the new traceroute works when set suid unlike another "tool" |
39 |
> > in |
40 |
> > common use for looking at network traffic which refuses to run when |
41 |
> > set suid |
42 |
> > - I have not tried it yet. |
43 |
> > |
44 |
> > michael |
45 |
> >> |
46 |
> >>> As near as I can figure, if I install traceroute, I want to use it, |
47 |
> >>> not |
48 |
> >>> muck with permissions or su - everytime I care to do some network |
49 |
> >>> analyzation. |
50 |
> >> |
51 |
> >> This is going to sound inflammatory, but I truly don't mean it as |
52 |
> >> such. |
53 |
> >> That said, this is the mentality that caused Microsoft so many |
54 |
> >> problems |
55 |
> >> with their products over the year. They made a conscious decision |
56 |
> >> that |
57 |
> >> usability concerns would (almost) always trump security concerns. |
58 |
> >> That |
59 |
> >> led to lovely things like new shares having "Anyone/Full Control" |
60 |
> >> permissions by default. |
61 |
> >> |
62 |
> >> At least on my servers, the only people I want using tools like |
63 |
> >> traceroute/tracepath are those folks who are responsbible for |
64 |
> >> administering them. Those are the same people who have root access |
65 |
> >> on the |
66 |
> >> server, so requiring them to type 'sudo' in front of the command isn't |
67 |
> >> overly burdensome, imo. |
68 |
> >> |
69 |
> >> --kurt |
70 |
> >> |
71 |
> > |
72 |
> > |
73 |
> > -- |
74 |
> > ---- ---- ---- |
75 |
> > Michael Reilly michaelr@×××××.com |
76 |
> > Cisco Systems, Santa Cruz, CA |
77 |
> > |
78 |
> > -- |
79 |
> > gentoo-security@g.o mailing list |
80 |
> > |
81 |
> > |
82 |
> |
83 |
> |
84 |
> -- |
85 |
> gentoo-security@g.o mailing list |
86 |
|
87 |
|
88 |
-- |
89 |
---- ---- ---- |
90 |
Michael Reilly michaelr@×××××.com |
91 |
Cisco Systems, Santa Cruz, CA |
92 |
|
93 |
-- |
94 |
gentoo-security@g.o mailing list |