On 08/29/2012 03:16 PM, Adam Jackson wrote: > On 8/29/12 3:06 PM, Miloslav Trmač wrote: >> On Wed, Aug 29, 2012 at 8:33 PM, Tom Callaway <tcallawa@xxxxxxxxxx> >> wrote: >>> I made an updated package (1.6.1) that has these fixes applied and sets >>> the CAP_SYS_TTY_CONFIG capability to the dfbinfo binary. (Other DirectFB >>> binaries probably need the same magic, but as I am not a DirectFB user, >>> I can't really say which ones.) >> >> Per http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 , giving the >> program CAP_SYS_TTY_CONFIG is basically equivalent to making it >> setuid-root. Was the code designed to be run in such a risky setup? > > Capabilities: still useless. Unsure. That is the reason it was failing, though. Seems like it wouldn't be a good idea to enable CAP_SYS_TTY_CONFIG by default though. ~tom == Fedora Project -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
