Gentoo Archives: gentoo-security

From: Kurt Lieber <klieber@g.o>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 11:20:11
In Reply to: [gentoo-security] Changes to traceroute in newest release by David Olsen
On Tue, Dec 16, 2003 at 11:59:00AM -0500 or thereabouts, David Olsen wrote:
> Am I the only one that finds the newest changes to traceroute nothing but a > large inconvenience?
Well, I can't speak for everyone else, but I certainly find the changes welcome.
> As near as I can figure, if I install traceroute, I want to use it, not muck > with permissions or su - everytime I care to do some network analyzation.
This is going to sound inflammatory, but I truly don't mean it as such. That said, this is the mentality that caused Microsoft so many problems with their products over the year. They made a conscious decision that usability concerns would (almost) always trump security concerns. That led to lovely things like new shares having "Anyone/Full Control" permissions by default. At least on my servers, the only people I want using tools like traceroute/tracepath are those folks who are responsbible for administering them. Those are the same people who have root access on the server, so requiring them to type 'sudo' in front of the command isn't overly burdensome, imo. --kurt


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release David Olsen <do@×××××××.com>
Re: [gentoo-security] Changes to traceroute in newest release Michael Reilly <michaelr@×××××.com>