<sect2>
<title>Command explanations</title>

<para><screen><command>sed 's/-o bin/-o root/'...</command></screen>
Adjusts the <filename>Makefile</filename> so that the program is installed
with owner root instead of owner bin (a user which doesn't exist on a default
<acronym>LFS</acronym> system).</para>

<para><command>make install</command>: Installs <command>traceroute</command>
with <acronym>SUID</acronym> set to root in the <filename>/usr/sbin</filename> directory. This makes it
possible for all users to execute <command>traceroute</command>. For absolute
security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file
permissions with the command:</para>
<screen><command>chmod 0755 /usr/sbin/traceroute</command></screen>

<para>The risk is that if a security problem such as a buffer overflow were
ever found in the <application>Traceroute</application> code, a regular user
on your system could gain root access if the program is
<acronym>SUID</acronym> root. Of course, removing
the <acronym>SUID</acronym> permission also makes it impossible for users other than
root to use <command>traceroute</command>, so decide what's right for your
individual situation.</para>

<para>Our aim is to be completely <acronym>FHS</acronym> compliant, so if
you do leave the <command>traceroute</command> binary
<acronym>SUID</acronym> root, then you
should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
with the following command:</para>
<screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen>

<para>This ensures that the binary is in the path for non-root users.</para>

</sect2>
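To confirm which of the two choices above is actually in effect after installation, the following added example (not part of the original page) reports the SUID state and owner of traceroute in both directories and prints the matching follow-up. The function names `suid_state`, `advise` and `audit_traceroute` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the traceroute install against the SUID / location
# choice described in the text. Function names are illustrative assumptions.

# suid_state FILE -> prints suid-root, suid-other, plain or missing
suid_state() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ]; then
        # Third field of "ls -ldn" is the numeric owner; uid 0 is root
        uid=$(ls -ldn "$f" | awk '{print $3}')
        if [ "$uid" = "0" ]; then echo suid-root; else echo suid-other; fi
    else
        echo plain
    fi
}

# advise DIR STATE -> the follow-up the text implies for that combination
advise() {
    dir=$1
    state=$2
    case "$state:$dir" in
        suid-root:/usr/sbin) echo "SUID root kept: mv /usr/sbin/traceroute /usr/bin" ;;
        suid-root:/usr/bin)  echo "SUID root kept and in the non-root path: nothing to do" ;;
        plain:*)             echo "SUID cleared: only root can use traceroute" ;;
        suid-other:*)        echo "SUID set but owner is not root: unexpected for this install" ;;
        *)                   echo "not installed here" ;;
    esac
}

# Check both locations the page mentions and print one line for each
audit_traceroute() {
    for dir in /usr/sbin /usr/bin; do
        state=$(suid_state "$dir/traceroute")
        printf '%s/traceroute: %s -> %s\n' "$dir" "$state" "$(advise "$dir" "$state")"
    done
}

audit_traceroute
```
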