r1617 - in trunk/BOOK: . chapter01 chapter06

robert Wed, 23 Feb 2011 13:11:35 -0800

Author: robert
Date: 2011-02-23 14:10:54 -0700 (Wed, 23 Feb 2011)
New Revision: 1617


Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter06/inetutils.xml
   trunk/BOOK/general.ent
Log:
Modify Inetutils so suid programs are not group writable.

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml  2011-02-21 01:48:44 UTC (rev 1616)
+++ trunk/BOOK/chapter01/changelog.xml  2011-02-23 21:10:54 UTC (rev 1617)
@@ -36,6 +36,15 @@
     </listitem>
 
 -->
+    <listitem>
+      <para>2011-02-23</para>
+      <itemizedlist>
+        <listitem>
+          <para>[robert] - Modify Inetutils so suid programs are not group
+          writable.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
 
     <listitem>
       <para>2011-02-04</para>

Modified: trunk/BOOK/chapter06/inetutils.xml
===================================================================
--- trunk/BOOK/chapter06/inetutils.xml  2011-02-21 01:48:44 UTC (rev 1616)
+++ trunk/BOOK/chapter06/inetutils.xml  2011-02-23 21:10:54 UTC (rev 1617)
@@ -107,8 +107,13 @@
 
     <para>Install the package:</para>
 
-<screen><userinput remap="install">make install</userinput></screen>
+<screen><userinput remap="install">make SUIDMODE="-o root -m 4755" 
install</userinput></screen>
 
+    <para>This package installs the suid-root programs group writable, which is
+    not only unnecessary but can also be a security risk. So the
+    <envar>SUIDMODE</envar> variable is redefined to install these programs
+    with more conservative permissions.</para>
+
     <para>Move some programs to their FHS-compliant place:</para>
 
 <screen><userinput remap="install">mv -v /usr/bin/{hostname,ping,ping6} /bin

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent      2011-02-21 01:48:44 UTC (rev 1616)
+++ trunk/BOOK/general.ent      2011-02-23 21:10:54 UTC (rev 1617)
@@ -1,5 +1,5 @@
-<!ENTITY version "SVN-20110204">
-<!ENTITY releasedate "February 20, 2011">
+<!ENTITY version "SVN-20110223">
+<!ENTITY releasedate "February 23, 2011">
 <!ENTITY copyrightdate "1999-2011"><!-- jhalfs needs a literal dash, not 
&ndash; -->
 <!ENTITY milestone "1.0">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or 
"x.y[-pre{x}]" -->

-- 
http://linuxfromscratch.org/mailman/listinfo/hlfs-book
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

r1617 - in trunk/BOOK: . chapter01 chapter06

Reply via email to