mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-01-24 23:32:12 +08:00
a4acd46325
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1384 af4574ff-66df-0310-9fd7-8a98e5e911e0
35 lines
1.6 KiB
XML
35 lines
1.6 KiB
XML
<sect2>
|
|
<title>Command explanations</title>
|
|
|
|
<para><screen><command>sed 's/-o bin/-o root/'...</command></screen>
|
|
Adjusts the <filename>Makefile</filename> so that the program is installed
|
|
with user root instead of user bin (which doesn't exist on a default
|
|
<acronym>LFS</acronym> system).</para>
|
|
|
|
<para><command>make install</command>: Installs <command>traceroute</command>
|
|
with <acronym>UID</acronym> set to root in the <filename>/usr/sbin</filename> directory. This makes it
|
|
possible for all users to execute <command>traceroute</command>. For absolute
|
|
security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file
|
|
permissions with the command:</para>
|
|
<screen><command>chmod 0755 /usr/sbin/traceroute</command></screen>
|
|
|
|
<para>The risk is that if a security problem such as a buffer overflow were
|
|
ever found in the <application>Traceroute</application> code, a regular user
|
|
on your system could gain root access if the program is
|
|
<acronym>SUID</acronym> root. Removing
|
|
the <acronym>SUID</acronym> permission of course also makes it impossible for users other than
|
|
root to utilize <command>traceroute</command>, so decide what's right for your
|
|
individual situation.</para>
|
|
|
|
<para>Now, to be completely <acronym>FHS</acronym> compliant, as is our aim, if
|
|
you do leave the <command>traceroute</command> binary
|
|
<acronym>SUID</acronym> root, then you
|
|
should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
|
|
with the following command:</para>
|
|
<screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen>
|
|
|
|
<para>This ensures that the binary is in the path for non-root users.</para>
|
|
|
|
</sect2>
|
|
|