Gentoo Archives: gentoo-security

From: David Olsen <do@×××××××.com>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 11:27:29
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Kurt Lieber
1 On 2003-12-16 at 12:18:42, Kurt Lieber <klieber@g.o> wrote:
2 > This is going to sound inflammatory, but I truly don't mean it as such.
3 Opinions are just that. Mature people with mature opinons should accept as
4 such.
6 > At least on my servers, the only people I want using tools like
7 > traceroute/tracepath are those folks who are responsbible for administering
8 > them. Those are the same people who have root access on the server, so
9 > requiring them to type 'sudo' in front of the command isn't overly
10 > burdensome, imo.
11 That means I have to either give my staff sudo access to use traceroute,
12 when I want them to be able to use it to diagnose network problems. And set
13 up in this same "security mindset", sudo will require a password upon
14 execution.
16 A (imho) better solution would be to perhaps do a 4750 by default, and give
17 it to a specific group, say "staff" or the like, this way I can add my staff
18 to that particular group once, and not have to muck permissions everytime a
19 new release of traceroute comes out.
21 $.02 + $.02 makes $.04, I should get an old top hat to collect the change..
23 -d


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Kurt Lieber <klieber@g.o>
Re: [gentoo-security] Changes to traceroute in newest release Bill Moritz <ego@××××××××××.com>