Archives
Archives
| From: | Alon Bar-Lev <alonbl@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] [SECURITY] Minimizing the suid usage | ||
| Date: | Sun, 23 Mar 2008 18:45:27 | ||
| Message-Id: | 9e0cf0bf0803231145g350fc47ai6747e3a4067a7f3a@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-dev] [SECURITY] Minimizing the suid usage by Ciaran McCreesh |
||
| 1 | On 3/23/08, Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> wrote: |
| 2 | > > Why? A simple USE flag should be enough, if set use caps, if not use |
| 3 | > > current. |
| 4 | > |
| 5 | > |
| 6 | > A user turns the use flag on, the ebuild creates files using caps |
| 7 | > rather than set*id, the package manager merges it by copying the file |
| 8 | > and the installed file ends up with no caps and no set*id bit. |
| 9 | |
| 10 | File system attributes already supported for selinux. I also checked |
| 11 | this with capabilities and it works with portage. |
| 12 | |
| 13 | Alon. |
| 14 | -- |
| 15 | gentoo-dev@l.g.o mailing list |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] [SECURITY] Minimizing the suid usage | Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> |
| Re: [gentoo-dev] [SECURITY] Minimizing the suid usage | Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> |