10.0
10.1
11.0
11.1
11.2
11.3
12.0
6.0
6.1
6.2
6.2.0
6.2.0-rc1
6.2.0-rc2
6.3
6.3-rc1
6.3-rc2
6.3-rc3
7.10
7.4
7.5
7.6
7.6-blfs
7.6-systemd
7.7
7.8
7.9
8.0
8.1
8.2
8.3
8.4
9.0
9.1
basic
bdubbs/svn
elogind
gnome
kde5-13430
kde5-14269
kde5-14686
kea
ken/inkscape-core-mods
krejzi/svn
lazarus
lxqt
nosym
perl-modules
plabs/python-mods
qt5new
systemd-11177
systemd-13485
trunk
upgradedb
v1_0
v5_0
v5_0-pre1
v5_1
v5_1-pre1
xry111/intltool
xry111/soup3
xry111/test-20220226
xry111/xf86-video-removal
|
Last change
on this file since f5048964 was f5048964, checked in by Mark Hymers <markh@…>, 21 years ago |
|
update traceroute instructions
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@66 af4574ff-66df-0310-9fd7-8a98e5e911e0
|
-
Property mode
set to
100644
|
|
File size:
1.3 KB
|
| Line | |
|---|
| 1 | <sect2>
|
|---|
| 2 | <title>Command explanations</title>
|
|---|
| 3 |
|
|---|
| 4 | <para><screen><userinput>sed 's/-o bin/-o root/' :</userinput></screen>
|
|---|
| 5 | Adjusts the Makefile so that the program is installed with user root instead
|
|---|
| 6 | of user bin (which doesn't exist on a default LFS system).</para>
|
|---|
| 7 |
|
|---|
| 8 | <para><userinput>make install: </userinput> Installs traceroute setuid root
|
|---|
| 9 | in the /usr/sbin directory. This makes it possible for all users to execute
|
|---|
| 10 | traceroute. For absolute security, turn off the setuid bit in traceroute's
|
|---|
| 11 | file permissions with the command
|
|---|
| 12 | <screen><userinput>chmod 0755 /usr/sbin/traceroute</userinput></screen></para>
|
|---|
| 13 |
|
|---|
| 14 | <para>The risk is that if a security problem such as a buffer overflow were
|
|---|
| 15 | ever found in the traceroute code, a regular user on your system could gain
|
|---|
| 16 | root access if the program is setuid root. Removing the setuid permission
|
|---|
| 17 | of course also makes it impossible for users other than root to utilize
|
|---|
| 18 | traceroute, so decide what's right for your individual situation.</para>
|
|---|
| 19 |
|
|---|
| 20 | <para>Now, to be completely FHS compliant, as is our aim, if you do leave the
|
|---|
| 21 | traceroute binary setuid root, then you should move traceroute to /usr/bin
|
|---|
| 22 | with the following command:
|
|---|
| 23 | <screen><userinput>mv /usr/sbin/traceroute /usr/bin</userinput></screen></para>
|
|---|
| 24 |
|
|---|
| 25 | <para>This ensures that the binary is in the path for non-root users.</para>
|
|---|
| 26 |
|
|---|
| 27 | </sect2>
|
|---|
| 28 |
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
