>> What's the policy about capabilities for executables in Arch packages?
>
> I _guess_ that capabilities are used to avoid SUID binaries when this is
> secure.

well, also, unless you set capabilities on the executable a process can't
have capabilities when a non-root process execs the executable -- that is
until the ambient capabilities are supported in the kernel and systemd
https://lwn.net/Articles/651052/ (afaik in 4.3)

>> I'm asking since in my setup I'm running wpa_supplicant as the
>> 'nobody' user, but I let it keep the NET_ADMIN and NET_RAW
>> capabilities (excerpt from the .service file):
>
> Read the caveat here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/README .
> Basically, you'll need a special user/group for executing
> /usr/bin/wpa_supplicant.

right, I think that too would need to be done in a proper package.
I'd rather make it 750, and root/wpa_supplicant

> In general, why is this necessary? What kind of attack (besides DoS) is
> possible against wpa_supplicant?

there have been buffer overflows etc. in wpa_supplicant, not good for a
root process.
https://www.google.com/search?q=wpa_supplicant+CVE&ie=utf-8&oe=utf-8

--
damjan
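The two setups discussed in the thread (ambient capabilities handed out by systemd on a new enough kernel, or file capabilities on the binary restricted to a dedicated group on older ones), plus a check that the daemon really ended up with only NET_ADMIN and NET_RAW, as an added example that is not part of the original message or of the hostap project. It assumes an instanced `wpa_supplicant@.service` unit, a `wpa_supplicant` system user and group already created, and, for the ambient path, systemd 229 or later on Linux 4.3 or later; the drop-in path and file name are this example's own choice.

```shell
#!/bin/sh
# Added example, not code from the thread or from the hostap project.
# Assumptions: an instanced unit wpa_supplicant@.service exists, a dedicated
# "wpa_supplicant" user/group has been created (e.g. with useradd -r), and,
# for the ambient-capabilities path, systemd >= 229 on Linux >= 4.3.
set -eu

# Bit numbers from <linux/capability.h>
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# Path 1 (kernel >= 4.3, systemd >= 229): drop-in that runs the daemon as the
# dedicated user and hands it exactly NET_ADMIN and NET_RAW via the ambient
# set, so neither a SUID bit nor file capabilities are needed.  Needs root.
install_ambient_dropin() {
    install -d /etc/systemd/system/wpa_supplicant@.service.d
    cat > /etc/systemd/system/wpa_supplicant@.service.d/10-caps.conf <<'EOF'
[Service]
User=wpa_supplicant
Group=wpa_supplicant
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
NoNewPrivileges=yes
EOF
    systemctl daemon-reload
}

# Path 2 (older kernels): file capabilities on the binary.  Anyone who can
# execute the file then gets NET_ADMIN/NET_RAW on exec, which is why the
# thread wants it root:wpa_supplicant and mode 0750.  Needs root.
install_file_caps() {
    chown root:wpa_supplicant /usr/bin/wpa_supplicant
    chmod 0750 /usr/bin/wpa_supplicant
    setcap cap_net_admin,cap_net_raw+ep /usr/bin/wpa_supplicant
}

# cap_mask_has MASK BIT -> 1 if capability BIT is set in the hex mask
# (MASK is the 64-bit hex value as printed in /proc/PID/status)
cap_mask_has() {
    echo $(( (0x$1 >> $2) & 1 ))
}

# check_caps_mask MASK -> "ok" if the mask is exactly NET_ADMIN|NET_RAW,
# otherwise a short diagnosis (empty set, extra bits, or a missing bit)
check_caps_mask() {
    expected=$(( (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) ))
    have=$(( 0x$1 ))
    if [ "$have" -eq "$expected" ]; then
        echo ok
    elif [ "$have" -eq 0 ]; then
        echo "no capabilities: the daemon cannot manage the interface"
    elif [ $(( have & ~expected )) -ne 0 ]; then
        echo "extra capabilities beyond NET_ADMIN/NET_RAW: $1"
    else
        echo "missing NET_ADMIN or NET_RAW: $1"
    fi
}

# check_caps_pid PID: read CapEff (the effective set) of a live process
check_caps_pid() {
    mask=$(awk '/^CapEff:/ { print $2 }' "/proc/$1/status")
    check_caps_mask "$mask"
}

# Stand-alone use: verify the running daemon, e.g.
#   check_caps_pid "$(systemctl show -p MainPID --value wpa_supplicant@wlan0)"
# With no argument, report on this shell itself.
if [ -r "/proc/${1:-$$}/status" ]; then
    check_caps_pid "${1:-$$}"
fi
```

`CapabilityBoundingSet=` alone is not enough once `User=` is set: the bounding set only limits what the process may hold, while `AmbientCapabilities=` is what makes the two capabilities survive the switch to the unprivileged user and the exec of the binary. On a kernel without ambient capabilities the file-capability path is the only option, and then the 0750 root:wpa_supplicant permissions are what keeps every other local user from picking up NET_ADMIN by simply running the binary.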