Re: horse carcas flogging (was: traceroute in /usr/bin, not /usr/sbin)
On Sun, 17 Jun 2001, Adam McKenna wrote:
> On Sun, Jun 17, 2001 at 03:22:58PM -0800, Ethan Benson wrote:
> > i disagree with your statement that the maintainer has NO discretion,
> > i think rusty's remarks make that clear: `assuming traceroute is
> > setuid' the maintainer decides whats setuid in his package. debian
> > has shipped many traditionally setuid binaries non-setuid for a long
> > time (dump and restore for example).
> Yes, but in this case, it's impossible because traceroute needs to be suid.
> It needs to set certain socket parameters that can only be set by root.
Precisely... if traceroute is a tool that /needs/ to be set suid root because
there are people using it who don't have root privileges, isn't that a pretty
good indicator that traceroute is not exclusively a tool for admins?
Steve Langasek
postmodern programmer
Reply to: