[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping



Matt,

OK, test error.

Then, who is going to fix it at LSB?

Ken

Matt Wilson wrote:
> 
> On Tue, May 14, 2002 at 04:13:04PM -0700, Ken Burrell wrote:
> > Matt,
> >
> > Are you aware that practically every security alert for Linux recommends
> > that the suid bit be turned off in ping because of security exploits?
> 
> This may have been the case several years ago, but most Linux ping
> implementations have been rewritten with security in mind.  This
> includes dropping root privileges after acquiring the raw socket.
> 
> > The LSB test simply says its wrong to have suid turned off; but that is
> > clearly an option of any sensible system administrator.
> 
> No, that's not what the LSB requires.  The requirement is "The
> implementation provides an exec-able version of the ping utility in
> the /bin directory."  The test is wrong because it tries to run:
> 
> /bin/ping -c 2 localhost
> 
> A sufficient test would be
> 
> [ -x /bin/ping ]
> 
> > For a non-networked, home user, it wont matter; but the LSB has to take
> > into account the many different security requirements of a Linux
> > installation.
> >
> > Dont you think its a bit ridiculous to specify in the LSB that you
> > *must* have the suid bit turned on?
> 
> Again, test error.
> 
> Cheers,
> 
> Matt

-- 
Ken Burrell		High Performance Computing
Project Manager, R&D	MSC.Software Corporation
voice:	(714)445-5612	2 MacArthur Place
fax:	(714)784-4116	Santa Ana, CA 92707


-- 
To UNSUBSCRIBE, email to lsb-test-request@lists.linuxbase.org
with subject of "unsubscribe". Trouble? Email listmaster@lists.linuxbase.org



Reply to: