Re: Policy about packages and file capabilities




On Mon, Nov 16, 2015 at 09:00:28PM +0100, Damjan Georgievski wrote:
> >> What's the policy about capabilities for executables in Arch packages?
> >
> > I _guess_ that capabilities are used to avoid SUID binaries when this is
> > secure.
> 
> well, also, unless you set capabilities on the executable a process
> can't have capabilities when a non-root process execs the executable

Sure, that's what is done with the ping(8) binary.

> >> I'm asking since in my setup I'm running wpa_supplicant as the
> >> 'nobody' user, but I let it keep the NET_ADMIN and NET_RAW
> >> capabilities (excerpt from the .service file):
> >
> > Read the caveat here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/README .
> > Basically, you'll need a special user/group for executing
> > /usr/bin/wpa_supplicant.
> 
> right, I think that too would need to be done in a proper package.
> I'd rather make it 750, and root/wpa_supplicant

Which means that the filesystem package should get modified?

> 
> > In general, why is this necessary? What kind of attack (besides DoS) is
> > possible against wpa_supplicant?
> 
> there have been buffer overflows etc. in wpa supplicant, not good for
> a root process.
> https://www.google.com/search?q=wpa_supplicant+CVE&ie=utf-8&oe=utf-8

But those CVEs are mostly denial of service... right?

-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
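
For auditing which packaged executables carry file capabilities, as discussed in this thread, the `security.capability` extended attribute can be decoded directly. The following is an added example, not part of the original message; the function names and the sample value are constructed for illustration, and the capability name table is a deliberate subset.

```python
import errno
import os
import struct

# Constants from include/uapi/linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> (number of 32-bit word pairs, total xattr size in bytes)
# Revision 3 appends a 32-bit rootid, which this example does not decode.
REVISIONS = {0x01000000: (1, 12), 0x02000000: (2, 20), 0x03000000: (2, 24)}
# Subset of capability numbers; anything else is printed as cap_<n>.
CAP_NAMES = {7: "cap_setuid", 12: "cap_net_admin", 13: "cap_net_raw",
             21: "cap_sys_admin"}

def cap_names(mask):
    """Turn a capability bitmask into a list of names, lowest bit first."""
    return [CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if mask >> bit & 1]

def decode_file_caps(raw):
    """Decode the little-endian vfs_cap_data stored in security.capability."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in REVISIONS or len(raw) != REVISIONS[revision][1]:
        raise ValueError("unknown revision or wrong size")
    permitted = inheritable = 0
    for i in range(REVISIONS[revision][0]):
        word_p, word_i = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= word_p << (32 * i)
        inheritable |= word_i << (32 * i)
    return {"permitted": cap_names(permitted),
            "inheritable": cap_names(inheritable),
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)}

def file_caps(path):
    """Return decoded file capabilities for path, or None if it has none (Linux only)."""
    try:
        return decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise

# Constructed sample: what `setcap cap_net_admin,cap_net_raw+ep` would store.
SAMPLE = struct.pack("<IIIII", 0x02000001, (1 << 12) | (1 << 13), 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE))
```

Calling `file_caps()` on each regular file under the package's install root, alongside a check for the setuid bit, lists every executable that gains privilege on exec.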

