
Re: Bug#4465: security hole in netdiag package

Alright I tried all the ideas I had. What shall I do to get consistency
with network diagnostic tools that should be in the hands of

I know the adm group is not the right one. Shall I try to set up a new
group of users being able to use network diagnostics?

tcpdump and traceroute are essential network diagnostic tools. Somehow
they need to fit into the scheme. Before the netdiag package I manually
changed permissions on all machines I installed because our administrative
staff is doing troubleshooting on campus quite frequently.

Please respond by cc to me since I don't have access to debian-devel.

On Tue, 10 Sep 1996, Peter Tobias wrote:

tobias>Package: netdiag
tobias>Version: 0.2-3
tobias>The postinst script copies the tcpdump binary from the tcpdump
tobias>package and the traceroute binary from the netstd package to /usr/bin
tobias>and makes them setuid root.adm. This allows all users in the existing
tobias>adm group to use tcpdump to get the unencrypted passwords that are
tobias>transmitted over the network.
tobias>IMHO the netdiag package shouldn't use tcpdump/traceroute
tobias>(neither as binaries nor as links). Copying/linking binaries from
tobias>other packages just to have them in /usr/bin is a bad idea. Maybe
tobias>something like this should be added to the guidelines.
tobias> Peter Tobias                                EMail:
tobias> Fachhochschule Ostfriesland                 tobias@et-inf.fho-emden.de
tobias> Fachbereich Elektrotechnik und Informatik   tobias@debian.org
tobias> Constantiaplatz 4, 26723 Emden, Germany     tobias@linux.de

{}    Snail Mail:   FTS Box 466, 135 N.Oakland Ave, Pasadena, CA 91182        {}
{}    FISH Internet System Administrator at Fuller Theological Seminary       {}
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 
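
A check for the condition the quoted bug report describes (a setuid binary that a whole group may execute), as an added example that is not part of the original thread or the netdiag package. The function names are hypothetical, and paths are supplied by the operator.

```python
import grp
import os
import pwd
import stat
import sys


def classify(mode, uid, gid):
    """Pure check on stat fields: who may execute the file, and as which uid."""
    if not mode & stat.S_ISUID:
        return None  # runs with the caller's own uid; nothing to report
    if mode & stat.S_IXOTH:
        scope = "world"
    elif mode & stat.S_IXGRP:
        scope = "group"
    else:
        scope = "owner"
    return {"runs_as_uid": uid, "scope": scope, "gid": gid,
            "mode": oct(stat.S_IMODE(mode))}


def group_members(gid):
    """Accounts that hold `gid` as a supplementary or primary group."""
    try:
        names = set(grp.getgrgid(gid).gr_mem)
    except KeyError:
        names = set()  # gid has no entry in the group database
    names.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)
    return sorted(names)


def audit(path):
    """Classify one installed file; adds the member list for group scope."""
    st = os.stat(path)
    finding = classify(st.st_mode, st.st_uid, st.st_gid)
    if finding and finding["scope"] == "group":
        finding["members"] = group_members(st.st_gid)
    return finding


if __name__ == "__main__":
    # Paths are supplied by the operator, e.g. the binaries a package installs.
    for path in sys.argv[1:]:
        print(path, audit(path))
```

For a group-scoped finding, the `members` list is the set of accounts that can run the binary with the owner's uid, which is the review question when a package reuses an existing group for this purpose.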
