Daenyth Blank wrote: > On Wed, Nov 4, 2009 at 10:14, Daenyth Blank <daenyth+arch@xxxxxxxxx> wrote: > >> On Wed, Nov 4, 2009 at 10:12, Shridhar Daithankar >> <ghodechhap@xxxxxxxxxxxxxx> wrote: >> >>> so can this be done by default? thus reducing setuid usage? it should improve >>> security right? >>> >>> >> This should probably go on the bug tracker as a feature request. >> >> > > Actually, the article states that not all file systems support this, > so I don't think that it should be put in as the default. I think that > it deserves mention on the wiki, however. > > I writed an article in the wiki [#1] some time ago, for all common setuids in core packages and xorg about this. Some will fail and make more unsafe than safer (like mount) [#1] http://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
