From: Ciaran McCreesh
To: gentoo-dev@lists.gentoo.org
Date: Sun, 23 Mar 2008 18:34:20 +0000
Subject: Re: [gentoo-dev] [SECURITY] Minimizing the suid usage

On Sun, 23 Mar 2008 20:30:33 +0200
"Alon Bar-Lev" wrote:
> > Needs package manager support. Effectively this requires an EAPI
> > bump, since ebuilds need to know whether they can rely upon caps
> > being preserved across a merge or whether they have to degrade to a
> > setuid bit.
>
> Why? A simple USE flag should be enough, if set use caps, if not use
> current.

A user turns the use flag on, the ebuild creates files using caps
rather than set*id, the package manager merges it by copying the file
and the installed file ends up with no caps and no set*id bit.

-- 
Ciaran McCreesh
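The failure mode described in the message above can be checked after a merge by comparing the privilege state of the file in the image with that of the installed file. The following is an added example, not part of the original message or of any package manager's code; the function names are hypothetical, and the `security.capability` layout is assumed to follow the Linux `vfs_cap_data` structure.

```python
import os
import stat
import struct

# Added example; helper names are hypothetical, not package manager code.
CAP_XATTR = "security.capability"   # xattr in which Linux stores file caps
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # u32 pairs per revision


def parse_caps(blob):
    """Decode a security.capability value into permitted/inheritable masks."""
    if len(blob) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", blob)
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(blob) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated capability xattr")
    words = struct.unpack_from("<%dI" % (2 * pairs), blob, 4)
    permitted = sum(w << (32 * i) for i, w in enumerate(words[0::2]))
    inheritable = sum(w << (32 * i) for i, w in enumerate(words[1::2]))
    return {"permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}


def privilege_state(mode, cap_blob):
    """Summarise how a file would gain privilege when executed."""
    return {"set_id": bool(mode & (stat.S_ISUID | stat.S_ISGID)),
            "caps": parse_caps(cap_blob)["permitted"] if cap_blob else 0}


def read_state(path):
    """Collect the same summary from a real file (Linux only)."""
    try:
        blob = os.getxattr(path, CAP_XATTR, follow_symlinks=False)
    except OSError:          # ENODATA: no caps set; ENOTSUP: fs has no xattrs
        blob = b""
    return privilege_state(os.lstat(path).st_mode, blob)


def lost_on_merge(image, installed):
    """True when the image had set*id or caps and the installed file has neither."""
    had, has = (s["set_id"] or s["caps"] for s in (image, installed))
    return bool(had and not has)


# Constructed sample: revision 2 blob granting CAP_NET_RAW (bit 13), effective set.
SAMPLE = struct.pack("<5I", 0x02000000 | VFS_CAP_FLAGS_EFFECTIVE, 1 << 13, 0, 0, 0)
```

Calling `read_state()` on the image path and on the installed path and passing both results to `lost_on_merge()` flags a binary that was merged by a plain content copy.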