| 1 |
On 29/04/13 17:22, Joerg Schilling wrote: |
| 2 |
> Nikos Chantziaras <realnc@×××××.com> wrote: |
| 3 |
>> You don't know what my intentions are. I might be doing testing, |
| 4 |
>> debugging, who knows what. It's the "trying to be smarter than the |
| 5 |
>> user" thing. The defaults of course would be to built the software in a |
| 6 |
>> sane, secure way. Only users who know what they're doing would disable |
| 7 |
>> that, and they'd have their reasons. |
| 8 |
> |
| 9 |
> Would you call someone who shoots himself into the foot "smart"? |
| 10 |
> |
| 11 |
> Recent Linux kernels support fcaps in the filesystems and "somebody" evil, who |
| 12 |
> knows what he does may even set up fcaps on executable files when the related |
| 13 |
> support-software is not installed, just because the unstable kernel interfaces |
| 14 |
> are accessible from libc. |
| 15 |
> |
| 16 |
> Do you like people to be able to open security holes? |
| 17 |
|
| 18 |
You don't know what my intentions are and why I want to disable libcap. |
| 19 |
I have my reasons. This happens because it is actually possible to |
| 20 |
disable it. |
| 21 |
|
| 22 |
If you really don't like that, then you should probably make libcap |
| 23 |
mandatory. Assume it's there, and if it's not, the user should get |
| 24 |
compile errors. |
| 25 |
|
| 26 |
But as long as it's not mandatory, I have my reasons why I would want to |
| 27 |
disable it, just as I have my reasons why I would want to explicitly |
| 28 |
enable it. What if autodetection fails? If I use the appropriate |
| 29 |
"enable libcap" flag, and libcap is not there, or it's broken, or |
| 30 |
whatever, I don't want to get a build that's now insecure. I want the |
| 31 |
build to abort with a big, fat error. |
| 32 |
|
| 33 |
I think you're too used to binary distros and Solaris to appreciate the |
| 34 |
different requirements of source-based distros :-) |
Archives