RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "JN" == Joe Nall <joe@xxxxxxxx> writes:

JN> On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote:

>> More to the point, I can easily see the setuid bit easily on a
>> binary.
>> How do I tell if these strange/hidden "capabilities" are
>> present on a binary?  'ls' doesn't mention anything.

JN> getcap

Interesting.  That's in the libcap package, which is sort of oddly named
because it includes executables.  And of course it's multilib, but the
binaries are arch-specific which I believe is a multilib conflict.
Probably needs the executables split out into a libcap-tools packages.

I notice that rpm supports that %caps() directive in the %files list to
specify capabilities.  I don't recall seeing that before; how long ago
did rpm grow support for it?  It looks like it came in around rpm 4.7,
so all supported Fedora releases have it.  However, I'm certain it's not
in RHEL4 and I'm pretty sure it's not in RHEL5 either, so at least the
EPEL folks will need to make a note of it.

 - J<
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux