Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
This is a good premise, however, a bug must be submitted and reviewed to make
the *official* determination. Please submit a bug.
George (gk4)
Ken Burrell wrote:
>
> Matt,
>
> OK, test error.
>
> Then, who is going to fix it at LSB?
>
> Ken
>
> Matt Wilson wrote:
> >
> > On Tue, May 14, 2002 at 04:13:04PM -0700, Ken Burrell wrote:
> > > Matt,
> > >
> > > Are you aware that practically every security alert for Linux recommends
> > > that the suid bit be turned off in ping because of security exploits?
> >
> > This may have been the case several years ago, but most Linux ping
> > implementations have been rewritten with security in mind. This
> > includes dropping root privileges after acquiring the raw socket.
> >
> > > The LSB test simply says its wrong to have suid turned off; but that is
> > > clearly an option of any sensible system administrator.
> >
> > No, that's not what the LSB requires. The requirement is "The
> > implementation provides an exec-able version of the ping utility in
> > the /bin directory." The test is wrong because it tries to run:
> >
> > /bin/ping -c 2 localhost
> >
> > A sufficient test would be
> >
> > [ -x /bin/ping ]
> >
> > > For a non-networked, home user, it wont matter; but the LSB has to take
> > > into account the many different security requirements of a Linux
> > > installation.
> > >
> > > Dont you think its a bit ridiculous to specify in the LSB that you
> > > *must* have the suid bit turned on?
> >
> > Again, test error.
> >
> > Cheers,
> >
> > Matt
>
> --
> Ken Burrell High Performance Computing
> Project Manager, R&D MSC.Software Corporation
> voice: (714)445-5612 2 MacArthur Place
> fax: (714)784-4116 Santa Ana, CA 92707
>
> --
> To UNSUBSCRIBE, email to lsb-test-request@lists.linuxbase.org
> with subject of "unsubscribe". Trouble? Email listmaster@lists.linuxbase.org
--
George Kraft IV
gk4@austin.ibm.com
--
To UNSUBSCRIBE, email to lsb-test-request@lists.linuxbase.org
with subject of "unsubscribe". Trouble? Email listmaster@lists.linuxbase.org
Reply to: