Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping

To: Ken Burrell <ken.burrell@mscsoftware.com>
Cc: Matt Wilson <msw@redhat.com>, candee.hoecker@mscsoftware.com, lsb-test@lists.linuxbase.org
Subject: Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
From: George Kraft IV <gk4@austin.ibm.com>
Date: Wed, 15 May 2002 15:28:46 -0500
Message-id: <[🔎] 3CE2C4FE.AE966443@austin.ibm.com>
Reply-to: gk4@austin.ibm.com
References: <[🔎] OF61B4729B.F5FC3FE3-ON88256BB9.0064D478@LocalDomain> <[🔎] 20020514185437.C32716@devserv.devel.redhat.com> <[🔎] 3CE19A00.88BF3FD9@mscsoftware.com> <[🔎] 20020514214435.D32716@devserv.devel.redhat.com> <[🔎] 3CE29624.83BE8485@mscsoftware.com>

This is a good premise, however, a bug must be submitted and reviewed to make
the *official* determination.  Please submit a bug.

George (gk4)

Ken Burrell wrote:
> 
> Matt,
> 
> OK, test error.
> 
> Then, who is going to fix it at LSB?
> 
> Ken
> 
> Matt Wilson wrote:
> >
> > On Tue, May 14, 2002 at 04:13:04PM -0700, Ken Burrell wrote:
> > > Matt,
> > >
> > > Are you aware that practically every security alert for Linux recommends
> > > that the suid bit be turned off in ping because of security exploits?
> >
> > This may have been the case several years ago, but most Linux ping
> > implementations have been rewritten with security in mind.  This
> > includes dropping root privileges after acquiring the raw socket.
> >
> > > The LSB test simply says its wrong to have suid turned off; but that is
> > > clearly an option of any sensible system administrator.
> >
> > No, that's not what the LSB requires.  The requirement is "The
> > implementation provides an exec-able version of the ping utility in
> > the /bin directory."  The test is wrong because it tries to run:
> >
> > /bin/ping -c 2 localhost
> >
> > A sufficient test would be
> >
> > [ -x /bin/ping ]
> >
> > > For a non-networked, home user, it wont matter; but the LSB has to take
> > > into account the many different security requirements of a Linux
> > > installation.
> > >
> > > Dont you think its a bit ridiculous to specify in the LSB that you
> > > *must* have the suid bit turned on?
> >
> > Again, test error.
> >
> > Cheers,
> >
> > Matt
> 
> --
> Ken Burrell             High Performance Computing
> Project Manager, R&D    MSC.Software Corporation
> voice:  (714)445-5612   2 MacArthur Place
> fax:    (714)784-4116   Santa Ana, CA 92707
> 
> --
> To UNSUBSCRIBE, email to lsb-test-request@lists.linuxbase.org
> with subject of "unsubscribe". Trouble? Email listmaster@lists.linuxbase.org

-- 
George Kraft IV
gk4@austin.ibm.com


-- 
To UNSUBSCRIBE, email to lsb-test-request@lists.linuxbase.org
with subject of "unsubscribe". Trouble? Email listmaster@lists.linuxbase.org

Reply to:

References:
- /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
  - From: candee.hoecker@mscsoftware.com
- Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
  - From: Matt Wilson <msw@redhat.com>
- Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
  - From: Ken Burrell <ken.burrell@mscsoftware.com>
- Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
  - From: Matt Wilson <msw@redhat.com>
- Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
  - From: Ken Burrell <ken.burrell@mscsoftware.com>

Prev by Date: Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
Next by Date: Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
Previous by thread: Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
Next by thread: Re: /tset/LSB.fhs/root/bin/bin-tc 45 failure - /bin/ping
Index(es):
- Date
- Thread