Changeset 5e18c49c for basicnet/netutils/traceroute
- Timestamp:
- 10/04/2003 02:23:39 PM (21 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- c2ee009c
- Parents:
- 5fd03d2
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
basicnet/netutils/traceroute/traceroute-exp.xml
r5fd03d2 r5e18c49c 8 8 9 9 <para><command>make install</command>: Installs <command>traceroute</command> 10 setuidroot in the <filename>/usr/sbin</filename> directory. This makes it10 with <acronym>UID</acronym> set to root in the <filename>/usr/sbin</filename> directory. This makes it 11 11 possible for all users to execute <command>traceroute</command>. For absolute 12 security, turn off the setuidbit in <command>traceroute</command>'s file12 security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file 13 13 permissions with the command: 14 14 <screen><command>chmod 0755 /usr/sbin/traceroute</command></screen></para> … … 16 16 <para>The risk is that if a security problem such as a buffer overflow were 17 17 ever found in the <application>Traceroute</application> code, a regular user 18 on your system could gain root access if the program is setuid root. Removing 19 the setuid permission of course also makes it impossible for users other than 18 on your system could gain root access if the program is 19 <acronym>SUID</acronym> root. Removing 20 the <acronym>SUID</acronym> permission of course also makes it impossible for users other than 20 21 root to utilize <command>traceroute</command>, so decide what's right for your 21 22 individual situation.</para> 22 23 23 24 <para>Now, to be completely <acronym>FHS</acronym> compliant, as is our aim, if 24 you do leave the <command>traceroute</command> binary setuid root, then you 25 you do leave the <command>traceroute</command> binary 26 <acronym>SUID</acronym> root, then you 25 27 should move <filename>traceroute</filename> to <filename>/usr/bin</filename> 26 28 with the following command:
Note:
See TracChangeset
for help on using the changeset viewer.