source: basicnet/netutils/traceroute/traceroute-exp.xml@ 0482b01

10.0 10.1 11.0 11.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb v5_0 v5_0-pre1 v5_1 v5_1-pre1 xry111/intltool xry111/test-20220226
Last change on this file since 0482b01 was 0482b01, checked in by Larry Lawrence <larry@…>, 19 years ago

exp files tag cleaned

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1274 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 1.5 KB
Line 
1<sect2>
2<title>Command explanations</title>
3
4<para><screen><command>sed 's/-o bin/-o root/'...</command></screen>
5Adjusts the <filename>Makefile</filename> so that the program is installed
6with user root instead of user bin (which doesn't exist on a default
7<acronym>LFS</acronym> system).</para>
8
9<para><command>make install</command>: Installs <command>traceroute</command>
10setuid root in the <filename>/usr/sbin</filename> directory. This makes it
11possible for all users to execute <command>traceroute</command>. For absolute
12security, turn off the setuid bit in <command>traceroute</command>'s file
13permissions with the command:
14<screen><command>chmod 0755 /usr/sbin/traceroute</command></screen></para>
15
16<para>The risk is that if a security problem such as a buffer overflow were
17ever found in the <application>Traceroute</application> code, a regular user
18on your system could gain root access if the program is setuid root. Removing
19the setuid permission of course also makes it impossible for users other than
20root to utilize <command>traceroute</command>, so decide what's right for your
21individual situation.</para>
22
23<para>Now, to be completely <acronym>FHS</acronym> compliant, as is our aim, if
24you do leave the <command>traceroute</command> binary setuid root, then you
25should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
26with the following command:
27<screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen></para>
28
29<para>This ensures that the binary is in the path for non-root users.</para>
30
31</sect2>
32
Note: See TracBrowser for help on using the repository browser.