List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Tue, 16 Dec 2003 13:33:07 -0500
Mark Guertin <guertin@...> wrote:
> On 16-Dec-03, at 1:16 PM, Michael Reilly wrote:
> >> Well, I can't speak for everyone else, but I certainly find the
> >> changes
> >> welcome.
> > I find the change offensive. It is my system and I want the tools I
> > install
> > to work. There is no excuse for someone thinking they can force me to
> > su
> > every time I want to run traceroute. Of course the fix is obvious -
> > chmod
> > 4755 traceroute.
> > Why isn't this a USE option?
> a USE option for this doesn't make a lot of sense in my mind .... think
> about it. USE="suid" could be more like USE="hackmenow" ;) The trend
> with security is to eliminate this sort of thing, not to encourage it.
Depends on how you view security and where you want to put your security. I
much prefer an overall solution like selinux or rsbac and to some extent
grsecurity. Making a single or few tools more difficult to use doesn't help
security in the end.
> That said it's easy enough for you to chmod it, so maybe a simple ewarn
> is in order for people that have this concern that they can chmod it if
> they desire, but I agree that by default that less with these
> permissions are better.
A warning would be useful. What I disagree with is someone silently making
tools less useful without letting the person installing the tool and using
the system know what is being done and not allowing an option to retain the
> cfengine is the good stuff. Works on OSX too in case anyone cares :)
Thanks for the pointer to cfengine - I'll take a look.
> firstname.lastname@example.org mailing list
---- ---- ----
Michael Reilly michaelr@...
Cisco Systems, Santa Cruz, CA
email@example.com mailing list