mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-02-04 15:37:16 +08:00
f45b195302
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3 af4574ff-66df-0310-9fd7-8a98e5e911e0
30 lines
1.4 KiB
XML
30 lines
1.4 KiB
XML
<sect2>
|
|
<title>Command explanations</title>
|
|
|
|
<para><screen><userinput>sed 's|@prefix@|/usr|' Makefile.in > Makefile.in~ mv Makefile.in~ Makefile.in :</userinput></screen>
|
|
Adjusts the Makefile so that traceroute will be installed in /usr/sbin
|
|
instead of /usr/local/sbin, which is where the default
|
|
installation puts it.</para>
|
|
|
|
<para><userinput>make install: </userinput> Installs traceroute setuid root
|
|
in the /usr/sbin directory. This makes it possible for all users to execute
|
|
traceroute. For absolute security, turn off the setuid bit in traceroute's
|
|
file permissions with the command
|
|
<screen><userinput>chmod 0755 /usr/sbin/traceroute</userinput></screen></para>
|
|
|
|
<para>The risk is that if a security problem such as a buffer overflow were
|
|
ever found in the traceroute code, a regular user on your system could gain
|
|
root access if the program is setuid root. Removing the setuid permission
|
|
of course also makes it impossible for users other than root to utilize
|
|
traceroute, so decide what's right for your individual situation.</para>
|
|
|
|
<para>Now, to be completely FHS compliant, as is our aim, if you do leave the
|
|
traceroute binary setuid root, then you should move traceroute to /usr/bin
|
|
with the following command:
|
|
<screen><userinput>mv /usr/sbin/traceroute /usr/bin</userinput></screen></para>
|
|
|
|
<para>This ensures that the binary is in the path for non-root users.</para>
|
|
|
|
</sect2>
|
|
|