1 |
This whole discussion is getting ridiculous. Gentoo is clearly looking |
2 |
to make a more secure _default_ install. You only have to su everytime |
3 |
if you're too lazy to use chmod... which was already mentioned... so |
4 |
how about we agree it's moot? |
5 |
-James |
6 |
|
7 |
On Tuesday, December 16, 2003, at 01:16 PM, Michael Reilly wrote: |
8 |
|
9 |
> On Tue, 16 Dec 2003 12:18:42 -0500 |
10 |
> Kurt Lieber <klieber@g.o> wrote: |
11 |
> |
12 |
>> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen |
13 |
>> wrote: |
14 |
>>> Am I the only one that finds the newest changes to traceroute nothing |
15 |
>>> but a large inconvenience? |
16 |
>> |
17 |
>> Well, I can't speak for everyone else, but I certainly find the |
18 |
>> changes |
19 |
>> welcome. |
20 |
> |
21 |
> I find the change offensive. It is my system and I want the tools I |
22 |
> install |
23 |
> to work. There is no excuse for someone thinking they can force me to |
24 |
> su |
25 |
> every time I want to run traceroute. Of course the fix is obvious - |
26 |
> chmod |
27 |
> 4755 traceroute. |
28 |
> |
29 |
> Why isn't this a USE option? |
30 |
> |
31 |
> I do hope the new traceroute works when set suid unlike another "tool" |
32 |
> in |
33 |
> common use for looking at network traffic which refuses to run when |
34 |
> set suid |
35 |
> - I have not tried it yet. |
36 |
> |
37 |
> michael |
38 |
>> |
39 |
>>> As near as I can figure, if I install traceroute, I want to use it, |
40 |
>>> not |
41 |
>>> muck with permissions or su - everytime I care to do some network |
42 |
>>> analyzation. |
43 |
>> |
44 |
>> This is going to sound inflammatory, but I truly don't mean it as |
45 |
>> such. |
46 |
>> That said, this is the mentality that caused Microsoft so many |
47 |
>> problems |
48 |
>> with their products over the year. They made a conscious decision |
49 |
>> that |
50 |
>> usability concerns would (almost) always trump security concerns. |
51 |
>> That |
52 |
>> led to lovely things like new shares having "Anyone/Full Control" |
53 |
>> permissions by default. |
54 |
>> |
55 |
>> At least on my servers, the only people I want using tools like |
56 |
>> traceroute/tracepath are those folks who are responsbible for |
57 |
>> administering them. Those are the same people who have root access |
58 |
>> on the |
59 |
>> server, so requiring them to type 'sudo' in front of the command isn't |
60 |
>> overly burdensome, imo. |
61 |
>> |
62 |
>> --kurt |
63 |
>> |
64 |
> |
65 |
> |
66 |
> -- |
67 |
> ---- ---- ---- |
68 |
> Michael Reilly michaelr@×××××.com |
69 |
> Cisco Systems, Santa Cruz, CA |
70 |
> |
71 |
> -- |
72 |
> gentoo-security@g.o mailing list |
73 |
> |
74 |
> |
75 |
|
76 |
|
77 |
-- |
78 |
gentoo-security@g.o mailing list |