Changeset 6998c44a for basicnet/netutils/traceroute/traceroute-exp.xml
- Timestamp:
- 09/26/2003 02:04:06 AM (21 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 681ad68
- Parents:
- 29f033a
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
basicnet/netutils/traceroute/traceroute-exp.xml
r29f033a r6998c44a 2 2 <title>Command explanations</title> 3 3 4 <para><screen><userinput>sed 's/-o bin/-o root/'...</userinput></screen> 5 Adjusts the Makefile so that the program is installed with user root instead 6 of user bin (which doesn't exist on a default LFS system).</para> 4 <para><screen><command>sed 's/-o bin/-o root/'...</command></screen> 5 Adjusts the <filename>Makefile</filename> so that the program is installed 6 with user root instead of user bin (which doesn't exist on a default 7 <acronym>LFS</acronym> system).</para> 7 8 8 <para><userinput>make install</userinput> : Installs traceroute setuid root 9 in the <filename>/usr/sbin</filename> directory. This makes it possible for all users to execute 10 traceroute. For absolute security, turn off the setuid bit in traceroute's 11 file permissions with the command: 12 <screen><userinput>chmod 0755 /usr/sbin/traceroute</userinput></screen></para> 9 <para><command>make install</command> : Installs <command>traceroute</command> 10 setuid root in the <filename>/usr/sbin</filename> directory. This makes it 11 possible for all users to execute <command>traceroute</command>. For absolute 12 security, turn off the setuid bit in <command>traceroute</command>'s file 13 permissions with the command: 14 <screen><command>chmod 0755 /usr/sbin/traceroute</command></screen></para> 13 15 14 16 <para>The risk is that if a security problem such as a buffer overflow were 15 ever found in the traceroute code, a regular user on your system could gain 16 root access if the program is setuid root. Removing the setuid permission 17 of course also makes it impossible for users other than root to utilize 18 traceroute, so decide what's right for your individual situation.</para> 17 ever found in the <application>Traceroute</application> code, a regular user 18 on your system could gain root access if the program is setuid root. Removing 19 the setuid permission of course also makes it impossible for users other than 20 root to utilize <command>traceroute</command>, so decide what's right for your 21 individual situation.</para> 19 22 20 <para>Now, to be completely FHS compliant, as is our aim, if you do leave the21 traceroute binary setuid root, then you should move traceroute to 22 <filename>/usr/bin</filename>23 <para>Now, to be completely <acronym>FHS</acronym> compliant, as is our aim, if 24 you do leave the <command>traceroute</command> binary setuid root, then you 25 should move <filename>traceroute</filename> to <filename>/usr/bin</filename> 23 26 with the following command: 24 <screen>< userinput>mv /usr/sbin/traceroute /usr/bin</userinput></screen></para>27 <screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen></para> 25 28 26 29 <para>This ensures that the binary is in the path for non-root users.</para>
Note:
See TracChangeset
for help on using the changeset viewer.