Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
Matt,
OK, test error.
Then, who is going to fix it at LSB?
Ken
Matt Wilson wrote:
>
> On Tue, May 14, 2002 at 04:13:04PM -0700, Ken Burrell wrote:
> > Matt,
> >
> > Are you aware that practically every security alert for Linux recommends
> > that the suid bit be turned off in ping because of security exploits?
>
> This may have been the case several years ago, but most Linux ping
> implementations have been rewritten with security in mind. This
> includes dropping root privileges after acquiring the raw socket.
>
> > The LSB test simply says its wrong to have suid turned off; but that is
> > clearly an option of any sensible system administrator.
>
> No, that's not what the LSB requires. The requirement is "The
> implementation provides an exec-able version of the ping utility in
> the /bin directory." The test is wrong because it tries to run:
>
> /bin/ping -c 2 localhost
>
> A sufficient test would be
>
> [ -x /bin/ping ]
>
> > For a non-networked, home user, it wont matter; but the LSB has to take
> > into account the many different security requirements of a Linux
> > installation.
> >
> > Dont you think its a bit ridiculous to specify in the LSB that you
> > *must* have the suid bit turned on?
>
> Again, test error.
>
> Cheers,
>
> Matt
--
Ken Burrell High Performance Computing
Project Manager, R&D MSC.Software Corporation
voice: (714)445-5612 2 MacArthur Place
fax: (714)784-4116 Santa Ana, CA 92707
--
To UNSUBSCRIBE, email to lsb-test-request@lists.linuxbase.org
with subject of "unsubscribe". Trouble? Email listmaster@lists.linuxbase.org
Reply to: