Re: Bug#4465: security hole in netdiag package

Alright, I tried all the ideas I had. What shall I do to get consistency
with network diagnostic tools that should be in the hands of
troublemakers?

I know the adm group is not the right one. Shall I try to set up a new
group of users being able to use network diagnostics?

tcpdump and traceroute are essential network diagnostic tools. Somehow
they need to fit into the scheme. Before the netdiag package I manually
changed permissions on all machines I installed because our administrative
staff is doing troubleshooting on campus quite frequently.

Please respond by cc to me since I don't have access to debian-devel.

On Tue, 10 Sep 1996, Peter Tobias wrote:
tobias>Package: netdiag
tobias>Version: 0.2-3
tobias>
tobias>The postinst script copies the tcpdump binary from the tcpdump
tobias>package and the traceroute binary from the netstd package to /usr/bin
tobias>and makes them setuid root.adm. This allows all users in the existing
tobias>adm group to use tcpdump to get the unencrypted passwords that are
tobias>transmitted over the network.
tobias>
tobias>IMHO the netdiag package shouldn't use tcpdump/traceroute
tobias>(neither as binaries nor as links). Copying/linking binaries from
tobias>other packages just to have them in /usr/bin is a bad idea. Maybe
tobias>something like this should be added to the guidelines.
tobias>
tobias>
tobias>Thanks,
tobias>
tobias>Peter
tobias>
tobias>--
tobias> Peter Tobias EMail:
tobias> Fachhochschule Ostfriesland tobias@et-inf.fho-emden.de
tobias> Fachbereich Elektrotechnik und Informatik tobias@debian.org
tobias> Constantiaplatz 4, 26723 Emden, Germany tobias@linux.de
tobias>
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
{} Snail Mail: FTS Box 466, 135 N.Oakland Ave, Pasadena, CA 91182 {}
{} FISH Internet System Administrator at Fuller Theological Seminary {}
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5
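
The permission pattern reported in the bug (binaries made setuid root.adm, so membership of one group decides who may run them as root) can be audited for on an installed system. The script below is an added example, not part of the original messages or of the netdiag package; the function names and the reliance on `stat -c` (GNU or busybox) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit for the permission pattern
# reported in the bug, i.e. a setuid file that only one group may execute.
# Assumes GNU or busybox find and stat (stat -c).

# setuid_group_gated DIR [OWNER]
# Prints "GROUP MODE PATH" for each regular file under DIR that is owned by
# OWNER (default: root), has the setuid bit set, is executable by its group
# and is not executable by everyone else. Membership of GROUP is then the
# only thing standing between a user and running the file as OWNER.
setuid_group_gated() {
    dir=$1
    owner=${2:-root}
    find "$dir" -xdev -type f -user "$owner" \
        -perm -4000 -perm -0010 ! -perm -0001 \
        -exec stat -c '%G %a %n' {} +
}

# report DIR [OWNER]
# Same listing, followed by the member list of every group it names, so the
# reviewer sees who actually holds the privilege.
report() {
    listing=$(setuid_group_gated "$@")
    [ -n "$listing" ] || { echo "no group-gated setuid files found"; return 0; }
    printf '%s\n' "$listing"
    printf '%s\n' "$listing" | cut -d' ' -f1 | sort -u | while read -r grp; do
        # getent prints "name:passwd:gid:member,member"; field 4 is the
        # explicit member list (users with this as primary group are extra).
        members=$(getent group "$grp" 2>/dev/null | cut -d: -f4)
        echo "group $grp members: ${members:-<none listed>}"
    done
}

# Run as a script: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

A file installed with mode 4750 and owner root.adm, as the report describes, shows up as `adm 4750 /usr/bin/tcpdump`, followed by the members of adm.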