1 |
On Tue, Jun 20, 2006 at 08:49:41PM +0900, Georgi Georgiev wrote: |
2 |
> > Could upstream have handled it better? Yes, most definitely. Did they? |
3 |
> > No, not yet. We're stuck picking up the pieces. |
4 |
> What does upstream have to do with the decision to "chmod u+s,go-r |
5 |
> /usr/bin/gpg" or not? |
6 |
If using a kernel older than 2.6.9, and capabilities support is in the |
7 |
kernel, using capabilities is only way to avoid needing to grant full |
8 |
setuid to the binary. For kernels newer than 2.6.9, there is another |
9 |
API as well. |
10 |
|
11 |
By handling it better, I mean that the code should at runtime try both |
12 |
interfaces, rather than pick one to compile into the binary. |
13 |
|
14 |
-- |
15 |
Robin Hugh Johnson |
16 |
E-Mail : robbat2@g.o |
17 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |