| 1 |
On Tue, 16 Dec 2003 13:33:07 -0500 |
| 2 |
Mark Guertin <guertin@××××××××××××××.com> wrote: |
| 3 |
|
| 4 |
> On 16-Dec-03, at 1:16 PM, Michael Reilly wrote: |
| 5 |
> |
| 6 |
> >> Well, I can't speak for everyone else, but I certainly find the |
| 7 |
> >> changes |
| 8 |
> >> welcome. |
| 9 |
> > |
| 10 |
> > I find the change offensive. It is my system and I want the tools I |
| 11 |
> > install |
| 12 |
> > to work. There is no excuse for someone thinking they can force me to |
| 13 |
> > su |
| 14 |
> > every time I want to run traceroute. Of course the fix is obvious - |
| 15 |
> > chmod |
| 16 |
> > 4755 traceroute. |
| 17 |
> > |
| 18 |
> > Why isn't this a USE option? |
| 19 |
> |
| 20 |
> a USE option for this doesn't make a lot of sense in my mind .... think |
| 21 |
> about it. USE="suid" could be more like USE="hackmenow" ;) The trend |
| 22 |
> with security is to eliminate this sort of thing, not to encourage it. |
| 23 |
|
| 24 |
Depends on how you view security and where you want to put your security. I |
| 25 |
much prefer an overall solution like selinux or rsbac and to some extent |
| 26 |
grsecurity. Making a single or few tools more difficult to use doesn't help |
| 27 |
security in the end. |
| 28 |
|
| 29 |
> That said it's easy enough for you to chmod it, so maybe a simple ewarn |
| 30 |
> is in order for people that have this concern that they can chmod it if |
| 31 |
> they desire, but I agree that by default that less with these |
| 32 |
> permissions are better. |
| 33 |
|
| 34 |
A warning would be useful. What I disagree with is someone silently making |
| 35 |
tools less useful without letting the person installing the tool and using |
| 36 |
the system know what is being done and not allowing an option to retain the |
| 37 |
functionality. |
| 38 |
|
| 39 |
michael |
| 40 |
> |
| 41 |
> cfengine is the good stuff. Works on OSX too in case anyone cares :) |
| 42 |
|
| 43 |
Thanks for the pointer to cfengine - I'll take a look. |
| 44 |
> |
| 45 |
> Mark |
| 46 |
> |
| 47 |
> |
| 48 |
> -- |
| 49 |
> gentoo-security@g.o mailing list |
| 50 |
|
| 51 |
|
| 52 |
-- |
| 53 |
---- ---- ---- |
| 54 |
Michael Reilly michaelr@×××××.com |
| 55 |
Cisco Systems, Santa Cruz, CA |
| 56 |
|
| 57 |
-- |
| 58 |
gentoo-security@g.o mailing list |
Archives