| 1 |
On Tue, Jun 20, 2006 at 08:49:41PM +0900, Georgi Georgiev wrote: |
| 2 |
> > Could upstream have handled it better? Yes, most definitely. Did they? |
| 3 |
> > No, not yet. We're stuck picking up the pieces. |
| 4 |
> What does upstream have to do with the decision to "chmod u+s,go-r |
| 5 |
> /usr/bin/gpg" or not? |
| 6 |
If using a kernel older than 2.6.9, and capabilities support is in the |
| 7 |
kernel, using capabilities is only way to avoid needing to grant full |
| 8 |
setuid to the binary. For kernels newer than 2.6.9, there is another |
| 9 |
API as well. |
| 10 |
|
| 11 |
By handling it better, I mean that the code should at runtime try both |
| 12 |
interfaces, rather than pick one to compile into the binary. |
| 13 |
|
| 14 |
-- |
| 15 |
Robin Hugh Johnson |
| 16 |
E-Mail : robbat2@g.o |
| 17 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives