From: | Alon Bar-Lev <alonbl@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] [SECURITY] Minimizing the suid usage | ||
Date: | Sun, 23 Mar 2008 18:45:27 | ||
Message-Id: | 9e0cf0bf0803231145g350fc47ai6747e3a4067a7f3a@mail.gmail.com | ||
In Reply to: | Re: [gentoo-dev] [SECURITY] Minimizing the suid usage by Ciaran McCreesh |
1 | On 3/23/08, Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> wrote: |
2 | > > Why? A simple USE flag should be enough, if set use caps, if not use |
3 | > > current. |
4 | > |
5 | > |
6 | > A user turns the use flag on, the ebuild creates files using caps |
7 | > rather than set*id, the package manager merges it by copying the file |
8 | > and the installed file ends up with no caps and no set*id bit. |
9 | |
10 | File system attributes already supported for selinux. I also checked |
11 | this with capabilities and it works with portage. |
12 | |
13 | Alon. |
14 | -- |
15 | gentoo-dev@l.g.o mailing list |
Subject | Author |
---|---|
Re: [gentoo-dev] [SECURITY] Minimizing the suid usage | Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> |
Re: [gentoo-dev] [SECURITY] Minimizing the suid usage | Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> |