Gentoo Archives: gentoo-security

From: Alerts <alerts@×××××××××××××.com>
To: gentoo-security List <gentoo-security@g.o>
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 20:49:06
1 Gentlemen,
3 I mean no offense, but I think that this change detracts from both
4 usability and security. We have to remember why setuid exists in the
5 first place. It actually enhances security by discouraging the widely
6 lamented practice of spending too much time as root. It is useless for
7 us to say that users -shouldn't- do this. If they are inconvenienced,
8 and they have the ability to, they will. The only realistic way to
9 prevent workarounds to sidestep 'security' by normal users is to remove
10 the perceived need to do so.
12 After all, what is the biggest, gaping security hole in all *nix?
13 Root. One account that can do basically anything, and which is sadly
14 has often been required to do much of anything. The whole reason for
15 setuid is to allow other users to -use- the system without doing this.
17 From a distro/programmer point of view, it defeats the point to simply
18 ship things with setuid off. Realistically, either people will simply
19 enable it again (no gain, but annoyance) or start running lots of stuff
20 as root (a palpable security loss). The real gain happens when you can
21 create specialized user/group roles that can accomplish their tasks,
22 much like the shadow user for reading /etc/shadow on some distributions.
24 This may one day soon become moot as ACLs and the equivilant of Lids
25 functionality breaks the monolithic root up into administrative roles.
26 I see this as inevitable, and long overdue. This is one point where
27 Windows has us beat right now.
29 Besides, its unreasonable to assume that, (other than fixing known
30 holes) you can really secure a system one program at a time. This is a
31 case where top-down really is the best approach. If you are concerned,
32 let traceroute be suid, but implement Lids. :)
34 Just adding more cents,
35 -David Isecke
39 --
40 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release "Grégoire Welraeds" <gregoire.welraeds@××××××××.be>