source: basicnet/netutils/traceroute/traceroute-exp.xml@ c76806a

10.0 10.1 11.0 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk v5_1 xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since c76806a was c76806a, checked in by Larry Lawrence <larry@…>, 17 years ago

grammer fixes

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2250 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 1.6 KB
Line 
1<sect2>
2<title>Command explanations</title>
3
4<para><screen><command>sed 's/-o bin/-o root/'...</command></screen>
5Adjusts the <filename>Makefile</filename> so that the program is installed
6with user root instead of user bin (which doesn't exist on a default
7<acronym>LFS</acronym> system).</para>
8
9<para><command>make install</command>: Installs <command>traceroute</command>
10with <acronym>SUID</acronym> set to root in the <filename>/usr/sbin</filename> directory. This makes it
11possible for all users to execute <command>traceroute</command>. For absolute
12security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file
13permissions with the command:</para>
14<screen><command>chmod 0755 /usr/sbin/traceroute</command></screen>
15
16<para>The risk is that if a security problem such as a buffer overflow was
17ever found in the <application>Traceroute</application> code, a regular user
18on your system could gain root access if the program is
19<acronym>SUID</acronym> root. Of course, removing
20the <acronym>SUID</acronym> permission also makes it impossible for users other than
21root to utilize <command>traceroute</command>, so decide what's right for your
22individual situation.</para>
23
24<para>Our aim is to be completely <acronym>FHS</acronym> compliant, so if
25you do leave the <command>traceroute</command> binary
26<acronym>SUID</acronym> root, then you
27should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
28with the following command:</para>
29<screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen>
30
31<para>This ensures that the binary is in the path for non-root users.</para>
32
33</sect2>
34
Note: See TracBrowser for help on using the repository browser.