On Thu, Oct 28, 2010 at 11:08:00PM +0100, Richard W.M. Jones wrote: > On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote: > > On 10/28/2010 01:11 AM, Kevin Fenzi wrote: > > > > * #480 F15Feature - RemoveSETUID ( > > http://fedoraproject.org/wiki/Features/RemoveSETUID ) (nirik, > > 19:15:16) > > * AGREED: the feature is approved. (nirik, 19:26:46) > > > > > > This feature is now approved and I see bugs get filed. The documentation > > and guidelines are very incomplete. How does one figure out which file > > capabilities are needed by the programs I maintain that currently use > > setuid? Help, please. > > More to the point, I can easily see the setuid bit easily on a binary. > > How do I tell if these strange/hidden "capabilities" are present on a > binary? 'ls' doesn't mention anything. You want the libcap-ng-utils RPMs which provides a bunch of useful tools for this, filecap, netcap, pscap, etc. See also http://people.redhat.com/sgrubb/libcap-ng/index.html Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
