1 |
On 29/04/13 17:22, Joerg Schilling wrote: |
2 |
> Nikos Chantziaras <realnc@×××××.com> wrote: |
3 |
>> You don't know what my intentions are. I might be doing testing, |
4 |
>> debugging, who knows what. It's the "trying to be smarter than the |
5 |
>> user" thing. The defaults of course would be to built the software in a |
6 |
>> sane, secure way. Only users who know what they're doing would disable |
7 |
>> that, and they'd have their reasons. |
8 |
> |
9 |
> Would you call someone who shoots himself into the foot "smart"? |
10 |
> |
11 |
> Recent Linux kernels support fcaps in the filesystems and "somebody" evil, who |
12 |
> knows what he does may even set up fcaps on executable files when the related |
13 |
> support-software is not installed, just because the unstable kernel interfaces |
14 |
> are accessible from libc. |
15 |
> |
16 |
> Do you like people to be able to open security holes? |
17 |
|
18 |
You don't know what my intentions are and why I want to disable libcap. |
19 |
I have my reasons. This happens because it is actually possible to |
20 |
disable it. |
21 |
|
22 |
If you really don't like that, then you should probably make libcap |
23 |
mandatory. Assume it's there, and if it's not, the user should get |
24 |
compile errors. |
25 |
|
26 |
But as long as it's not mandatory, I have my reasons why I would want to |
27 |
disable it, just as I have my reasons why I would want to explicitly |
28 |
enable it. What if autodetection fails? If I use the appropriate |
29 |
"enable libcap" flag, and libcap is not there, or it's broken, or |
30 |
whatever, I don't want to get a build that's now insecure. I want the |
31 |
build to abort with a big, fat error. |
32 |
|
33 |
I think you're too used to binary distros and Solaris to appreciate the |
34 |
different requirements of source-based distros :-) |