Gentoo Archives: gentoo-security

From: James Dennis <james@×××××××××××××.com>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 14:25:10
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Michael Reilly
This whole discussion is getting ridiculous. Gentoo is clearly looking 
to make a more secure _default_ install. You only have to su everytime 
if you're too lazy to use chmod... which was already mentioned... so 
how about we agree it's moot?

On Tuesday, December 16, 2003, at 01:16  PM, Michael Reilly wrote:

> On Tue, 16 Dec 2003 12:18:42 -0500 > Kurt Lieber <klieber@g.o> wrote: > >> On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen >> wrote: >>> Am I the only one that finds the newest changes to traceroute nothing >>> but a large inconvenience? >> >> Well, I can't speak for everyone else, but I certainly find the >> changes >> welcome. > > I find the change offensive. It is my system and I want the tools I > install > to work. There is no excuse for someone thinking they can force me to > su > every time I want to run traceroute. Of course the fix is obvious - > chmod > 4755 traceroute. > > Why isn't this a USE option? > > I do hope the new traceroute works when set suid unlike another "tool" > in > common use for looking at network traffic which refuses to run when > set suid > - I have not tried it yet. > > michael >> >>> As near as I can figure, if I install traceroute, I want to use it, >>> not >>> muck with permissions or su - everytime I care to do some network >>> analyzation. >> >> This is going to sound inflammatory, but I truly don't mean it as >> such. >> That said, this is the mentality that caused Microsoft so many >> problems >> with their products over the year. They made a conscious decision >> that >> usability concerns would (almost) always trump security concerns. >> That >> led to lovely things like new shares having "Anyone/Full Control" >> permissions by default. >> >> At least on my servers, the only people I want using tools like >> traceroute/tracepath are those folks who are responsbible for >> administering them. Those are the same people who have root access >> on the >> server, so requiring them to type 'sudo' in front of the command isn't >> overly burdensome, imo. >> >> --kurt >> > > > -- > ---- ---- ---- > Michael Reilly michaelr@×××××.com > Cisco Systems, Santa Cruz, CA > > -- > gentoo-security@g.o mailing list > >
-- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Michael Reilly <michaelr@×××××.com>
Re: [gentoo-security] Changes to traceroute in newest release David Olsen <lude@××××××××××.com>