Gentoo Archives: gentoo-security

From: David Olsen <do@×××××××.com>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 11:27:29
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by Kurt Lieber
On 2003-12-16 at 12:18:42, Kurt Lieber <klieber@g.o> wrote:
> This is going to sound inflammatory, but I truly don't mean it as such.
Opinions are just that. Mature people with mature opinons should accept as such.
> At least on my servers, the only people I want using tools like > traceroute/tracepath are those folks who are responsbible for administering > them. Those are the same people who have root access on the server, so > requiring them to type 'sudo' in front of the command isn't overly > burdensome, imo.
That means I have to either give my staff sudo access to use traceroute, when I want them to be able to use it to diagnose network problems. And set up in this same "security mindset", sudo will require a password upon execution. A (imho) better solution would be to perhaps do a 4750 by default, and give it to a specific group, say "staff" or the like, this way I can add my staff to that particular group once, and not have to muck permissions everytime a new release of traceroute comes out. $.02 + $.02 makes $.04, I should get an old top hat to collect the change.. -d


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Kurt Lieber <klieber@g.o>
Re: [gentoo-security] Changes to traceroute in newest release Bill Moritz <ego@××××××××××.com>