Bug 47210

Summary:	net-analyzer/mtr: SUID set wrong.
Product:	Gentoo Linux	Reporter:	Philipp Kern <phil>
Component:	New packages	Assignee:	Gentoo Netmon project <netmon>
Status:	RESOLVED FIXED
Severity:	normal	CC:	eldad
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	mtr-0.54-r2 ebuild

Description Philipp Kern 2004-04-08 06:11:29 UTC

Out of security reasons -- as in most of the other packages -- the suid binaries should be set 4711 to deny read access to non-root.

This affects in this package:
-rwsr-xr-x  1 root 72055 Jan  3 16:47 /usr/bin/mtr

Comment 1 Eldad Zack (RETIRED) gentoo-dev

2004-05-20 11:52:42 UTC

Created attachment 31775 [details]
mtr-0.54-r2 ebuild

fixes /usr/bin/mtr permissions (4710) and also sets the owner as root:wheel,
just like traceroute.

Comment 2 Eldad Zack (RETIRED) gentoo-dev

2004-05-20 11:53:30 UTC

Note that this package is missing metadata.xml.

also, current version is 0.58, but I can't bump it from 0.54-r1 since it contains an ipv6 patch that doesn't apply cleanly.
I see there's code to handle ipv6, but since I don't have ipv6 I can't test that out.

Comment 3 Philipp Kern 2004-05-20 12:26:31 UTC

I didn't see some IPv6 functionality in mtr-0.58.
sixxs.net is a good tunnel broker by the way.

Comment 4 Eldad Zack (RETIRED) gentoo-dev

2004-05-20 13:11:47 UTC

Let's keep 0.54 in the mean time, until mtr gets proper ipv6 (its configure script/doc doesn't mention ipv6, though it looks like the code does have some ipv6 hooks - I forced it to compile ipv6 support with -DENABLE_IPV6, but it's unable to resolve net6_open)

Comment 5 Eldad Zack (RETIRED) gentoo-dev

2004-06-30 16:25:06 UTC

0.54 fixed suid now in portage, Thanks Philipp!