From: Ciaran McCreesh
To: gentoo-dev@lists.gentoo.org
Date: Sun, 23 Mar 2008 22:02:30 +0000
Subject: Re: [gentoo-dev] [SECURITY] Minimizing the suid usage

On Sun, 23 Mar 2008 20:45:24 +0200
"Alon Bar-Lev" wrote:
> On 3/23/08, Ciaran McCreesh wrote:
> > > Why? A simple USE flag should be enough, if set use caps, if not
> > > use current.
> >
> > A user turns the use flag on, the ebuild creates files using caps
> > rather than set*id, the package manager merges it by copying the
> > file and the installed file ends up with no caps and no set*id bit.
>
> File system attributes already supported for selinux. I also checked
> this with capabilities and it works with portage.

But they aren't upscaled.

-- 
Ciaran McCreesh

--
gentoo-dev@lists.gentoo.org mailing list
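
The failure mode described in the quoted text, written as a post-merge check (an added example, not part of the original message and not Portage code): it classifies a file as privileged through set*id bits, through the Linux `security.capability` xattr, or through neither. The function names are hypothetical; Linux and Python 3 are assumed.

```python
import os
import stat
import struct

CAP_XATTR = "security.capability"   # xattr where Linux stores file capabilities
REVISION_MASK = 0xFF000000          # VFS_CAP_REVISION_MASK
FLAG_EFFECTIVE = 0x000001           # VFS_CAP_FLAGS_EFFECTIVE
# vfs_cap_data revision -> number of (permitted, inheritable) 32-bit pairs
U32_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_caps(blob):
    """Decode a vfs_cap_data blob into (permitted_mask, effective_flag)."""
    magic = int.from_bytes(blob[:4], "little")
    pairs = U32_PAIRS.get(magic & REVISION_MASK)
    if pairs is None or len(blob) < 4 + 8 * pairs:
        raise ValueError("unrecognised or truncated capability xattr")
    permitted = 0
    for i in range(pairs):
        word, _inheritable = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= word << (32 * i)
    return permitted, bool(magic & FLAG_EFFECTIVE)


def privilege_state(path):
    """Classify how a binary gets elevated privilege: caps, set*id or none."""
    mode = os.lstat(path).st_mode
    try:
        blob = os.getxattr(path, CAP_XATTR, follow_symlinks=False)
    except OSError:                  # no such xattr, or xattrs unsupported
        blob = None
    if blob and decode_caps(blob)[0]:
        return "caps"
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return "set*id"
    return "none"                    # what a content-only copy leaves behind


def check_merge(image_path, installed_path):
    """True if the installed file kept the image's privilege mechanism."""
    return privilege_state(image_path) == privilege_state(installed_path)
```

Run `check_merge` on the file in the build image and on its installed counterpart; a `False` result with the installed file at `"none"` is the case the quoted text warns about.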