On 11/05/2017 01:49, Adam Carter wrote:
> I want to allow some fairly well trusted users the ability to do traces
> with icmp. I can give them sudo, but how high is the risk of making
> traceroute suid root? AFAIK making text editors or anything that has an
> ability to run shell commands suid root is effectively giving them root
> access, but other than exploiting vulnerabilities in traceroute itself,
> are there any other issues?

You have at least 3 approaches:

1. suid root. If you err on the side of the binary probably being OK,
you will probably be fine. I don't know of any issues with traceroute; I
have many systems where it ships suid root without issue (like ping).

2. sudo, which frankly is a monumental PITA to maintain - it tends to
grow and bloat and the syntax isn't easy to parse in your mind. It also
doesn't let you give users access to a certain thing; you have to come
up with all the commands that do that, then figure out a regex that
matches what you want and nothing you don't want. A real PITA.

3. Capabilities, like John said. Ideally this is what you really want.
Users can't run traceroute because they can't open raw sockets.
Capabilities let you give them that permission, deftly avoiding
questions as to the vuln status of the traceroute binary.

-- 
Alan McKinnon
alan.mckin...@gmail.com
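
The capability approach from option 3, sketched as shell. This is an added example, not part of the original message; it assumes libcap's `getcap`/`setcap` are installed and that traceroute lives at `/usr/bin/traceroute`, and `priv_mode` and `use_capability` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit how traceroute gets its privilege, and swap the
# setuid bit for the one capability needed to open raw sockets.
# Assumed: getcap/setcap (libcap) are installed; the path is a default guess.
TRACEROUTE="${TRACEROUTE:-/usr/bin/traceroute}"

# Print "setuid:<owner uid>", "caps:<capability set>" or "plain" for a file.
priv_mode() {
    f=$1
    if [ -u "$f" ]; then
        # Field 3 of `ls -ln` is the numeric owner; 0 means setuid root.
        echo "setuid:$(ls -ldn "$f" | awk '{print $3}')"
        return 0
    fi
    caps=""
    if command -v getcap >/dev/null 2>&1; then
        # getcap prints "file = caps" or "file caps" depending on version;
        # the capability set is the last field either way.
        caps=$(getcap "$f" 2>/dev/null | awk '{print $NF}')
    fi
    if [ -n "$caps" ]; then
        echo "caps:$caps"
    else
        echo "plain"
    fi
}

# Run as root: remove the setuid bit, then grant only CAP_NET_RAW.
use_capability() {
    chmod u-s "$1" && setcap cap_net_raw+ep "$1"
}

# Report the current state; change the binary only when asked to.
if [ -e "$TRACEROUTE" ]; then
    echo "before: $(priv_mode "$TRACEROUTE")"
    if [ "${1:-}" = "--apply" ]; then
        use_capability "$TRACEROUTE" && echo "after:  $(priv_mode "$TRACEROUTE")"
    fi
fi
```

File capabilities are stored in an extended attribute on the binary, so they disappear when the file is replaced (for example by a package update); re-run the check afterwards.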
