
Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping

On Tue, May 14, 2002 at 04:13:04PM -0700, Ken Burrell wrote:
> Matt,
> Are you aware that practically every security alert for Linux recommends
> that the suid bit be turned off in ping because of security exploits?

This may have been the case several years ago, but most Linux ping
implementations have been rewritten with security in mind.  This
includes dropping root privileges after acquiring the raw socket.

> The LSB test simply says it's wrong to have suid turned off; but that is
> clearly an option of any sensible system administrator.

No, that's not what the LSB requires.  The requirement is "The
implementation provides an exec-able version of the ping utility in
the /bin directory."  The test is wrong because it tries to run:

/bin/ping -c 2 localhost

A sufficient test would be

[ -x /bin/ping ]

> For a non-networked, home user, it won't matter; but the LSB has to take
> into account the many different security requirements of a Linux
> installation.
> Don't you think it's a bit ridiculous to specify in the LSB that you
> *must* have the suid bit turned on?

Again, test error.
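
The pattern mentioned in the reply above (acquire the raw socket, then drop root privileges), as an added C example that is not part of the original message and is not taken from any particular ping implementation. The function names open_raw_socket_then_drop and privileges_dropped are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 when effective IDs equal real IDs, i.e. no setuid/setgid privilege is left. */
int privileges_dropped(void)
{
    return geteuid() == getuid() && getegid() == getgid();
}

/*
 * Open the ICMP raw socket (the only step that needs root), then drop to
 * the invoking user's IDs before any user-supplied input is parsed.
 * Returns the socket, -1 if the socket could not be opened (errno is kept),
 * or -2 if the privilege drop failed, in which case the caller must exit.
 */
int open_raw_socket_then_drop(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int saved_errno = errno;

    /* Group first: after the uid is dropped the gid can no longer be changed. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        goto fail;
    /* A non-root caller must not be able to get root back. */
    if (getuid() != 0 && setuid(0) == 0)
        goto fail;
    if (!privileges_dropped())
        goto fail;
    errno = saved_errno;
    return fd;
fail:
    if (fd >= 0)
        close(fd);
    return -2;
}

int main(void)
{
    int fd = open_raw_socket_then_drop();
    if (fd == -2) { fprintf(stderr, "could not drop privileges\n"); return 2; }
    if (fd == -1) { perror("socket(SOCK_RAW)"); return 1; }
    printf("raw socket %d held, euid=%d\n", fd, (int)geteuid());
    close(fd);
    return 0;
}
```

Run without the suid bit and without root, the socket call fails with a permission error while the drop still succeeds, which is why executing ping is a poor conformance check for the requirement quoted above.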


