Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Mark Guertin <guertin@...>
From: Michael Reilly <michaelr@...>
Subject: Re: Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 11:43:10 -0800
On Tue, 16 Dec 2003 13:33:07 -0500
Mark Guertin <guertin@...> wrote:

> On 16-Dec-03, at 1:16 PM, Michael Reilly wrote:
> 
> >> Well, I can't speak for everyone else, but I certainly find the 
> >> changes
> >> welcome.
> >
> > I find the change offensive.  It is my system and I want the tools I 
> > install
> > to work.  There is no excuse for someone thinking they can force me to 
> > su
> > every time I want to run traceroute.  Of course the fix is obvious - 
> > chmod
> > 4755 traceroute.
> >
> > Why isn't this a USE option?
> 
> a USE option for this doesn't make a lot of sense in my mind .... think 
> about it.  USE="suid" could be more like USE="hackmenow" ;)  The trend 
> with security is to eliminate this sort of thing, not to encourage it.

Depends on how you view security and where you want to put your security.  I
much prefer an overall solution like selinux or rsbac  and to some extent
grsecurity.  Making a single or few tools more difficult to use doesn't help
security in the end.

> That said it's easy enough for you to chmod it, so maybe a simple ewarn 
> is in order for people that have this concern that they can chmod it if 
> they desire, but I agree that by default that less with these 
> permissions are better.

A warning would be useful.  What I disagree with is someone silently making
tools less useful without letting the person installing the tool and using
the system know what is being done and not allowing an option to retain the
functionality.

michael
> 
> cfengine is the good stuff.  Works on OSX too in case anyone cares :)

Thanks for the pointer to cfengine - I'll take a look.
> 
> Mark
> 
> 
> --
> gentoo-security@g.o mailing list


-- 
---- ---- ----
Michael Reilly    michaelr@...
    Cisco Systems, Santa Cruz, CA

--
gentoo-security@g.o mailing list

Replies:
Re: Changes to traceroute in newest release
-- Heikki Levanto
References:
Changes to traceroute in newest release
-- David Olsen
Re: Changes to traceroute in newest release
-- Kurt Lieber
Re: Changes to traceroute in newest release
-- Michael Reilly
Re: Changes to traceroute in newest release
-- Mark Guertin
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Changes to traceroute in newest release
Next by thread:
Re: Changes to traceroute in newest release
Previous by date:
Re: Changes to traceroute in newest release
Next by date:
Re: Changes to traceroute in newest release


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.