source: basicnet/netutils/traceroute/traceroute-exp.xml@ 62e9283

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb v5_1 xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 62e9283 was a4acd463, checked in by Larry Lawrence <larry@…>, 21 years ago

whitespace patches, bootdisk patch

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1384 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 1.6 KB
Line 
1<sect2>
2<title>Command explanations</title>
3
4<para><screen><command>sed 's/-o bin/-o root/'...</command></screen>
5Adjusts the <filename>Makefile</filename> so that the program is installed
6with user root instead of user bin (which doesn't exist on a default
7<acronym>LFS</acronym> system).</para>
8
9<para><command>make install</command>: Installs <command>traceroute</command>
10with <acronym>UID</acronym> set to root in the <filename>/usr/sbin</filename> directory. This makes it
11possible for all users to execute <command>traceroute</command>. For absolute
12security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file
13permissions with the command:</para>
14<screen><command>chmod 0755 /usr/sbin/traceroute</command></screen>
15
16<para>The risk is that if a security problem such as a buffer overflow were
17ever found in the <application>Traceroute</application> code, a regular user
18on your system could gain root access if the program is
19<acronym>SUID</acronym> root. Removing
20the <acronym>SUID</acronym> permission of course also makes it impossible for users other than
21root to utilize <command>traceroute</command>, so decide what's right for your
22individual situation.</para>
23
24<para>Now, to be completely <acronym>FHS</acronym> compliant, as is our aim, if
25you do leave the <command>traceroute</command> binary
26<acronym>SUID</acronym> root, then you
27should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
28with the following command:</para>
29<screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen>
30
31<para>This ensures that the binary is in the path for non-root users.</para>
32
33</sect2>
34
Note: See TracBrowser for help on using the repository browser.