Gentoo Archives: gentoo-security

From: Bill Kenworthy <billk@×××××××××.au>
To: Bill Moritz <ego@××××××××××.com>
Cc: gentoo-security List <gentoo-security@g.o>
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 19:36:22
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Bill Moritz
Or to turn it around, on a user managed workstation its both
inconvenient and adds little to security.  In fact, its easiest to just
keep a root window open and run it from there - which is insecure if you
walk away and leave it running.

The point I am trying to make is that forcing useful tools to run as
root for everyone makes little sense on a user managed workstation and
can be counter-productive as above when users just work around the
restrictions in an insecure manner.

Perhaps a "secure_options" use flag to cater for those who work in
multiuser/insecure environments?  I would rather not suffer an unusable
system because a few users have special requirements.


On Wed, 2003-12-17 at 09:16, Bill Moritz wrote:
> > SUID exploits are based on the premise that you've already access to > > the system in question. If you don't trust people with accounts on > > your system, they shouldn't have it. > > What about people that run shell servers? Should I have an interview > process and a background check on anyone that wants to pay for access to my > systems? > > > Just another $.02 > > > > -d > > -bill > > -- > gentoo-security@g.o mailing list
-- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Bill Moritz <ego@××××××××××.com>