From: Bruno <bonbons67@internet.lu>
To: gentoo-dev@lists.gentoo.org
Cc: ciaran.mccreesh@googlemail.com, Alon Bar-Lev <alonbl@gentoo.org>,
Mike Frysinger <vapier@gentoo.org>
Subject: Re: [gentoo-dev] [SECURITY] Minimizing the suid usage
Date: Thu, 1 Jan 2009 13:23:27 +0100
Message-ID: <20090101132327.5ccc0413@neptune.home>
In-Reply-To: <20080805095412.20a34d82@snowcone>

On Tue, 05 August 2008 Ciaran McCreesh wrote:
> On Tue, 5 Aug 2008 10:51:09 +0200 Bruno Prémont wrote:
> > Has any progress happened since March for adding support for
> > FILE_CAPABILITIES?
>
> Well, Alon still hasn't backed up his claim that Portage supports
> capabilities... Fairly important to establish that before anything
> else...
>

In case the package manager has trouble with attributes (or the target
filesystem does not support them), a way to keep the system running
would be to apply the capabilities during src_install and have the
eclass check during pkg_postinst, eventually retrying and finally
falling back to suid at that point.
Even binpkg would be handled that way.
For this to work the eclass would have to remember the list of files
from src_install until pkg_postinst so that it can do all the work once
again (with a single call from the ebuild).

Bruno
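
The two-phase scheme proposed in the message above, sketched in shell as an added example; it is not code from this thread and not an existing Gentoo eclass. The `fcaps_*` functions, the `FCAPS_MANIFEST` file and the `SETCAP`/`GETCAP` override variables are hypothetical names; only the `setcap` and `getcap` tools from libcap are real.

```shell
#!/bin/sh
# Added sketch; every name here is hypothetical, not a Gentoo eclass API.
# SETCAP/GETCAP are overridable so the fallback path can be tested without root.
: "${SETCAP:=setcap}" "${GETCAP:=getcap}"
: "${FCAPS_MANIFEST:=./fcaps.manifest}"   # list remembered between phases

TAB=$(printf '\t')

# Drop suid, set the capabilities, then verify they are really on the file.
# getcap prints nothing for a file that carries no capabilities.
fcaps_apply() {   # fcaps_apply <caps> <file>
    chmod u-s "$2" || return 1
    "$SETCAP" "$1" "$2" 2>/dev/null || return 1
    [ -n "$("$GETCAP" "$2" 2>/dev/null)" ]
}

# src_install phase: remember the request and make a first attempt.
fcaps_install() {   # fcaps_install <caps> <file>
    printf '%s\t%s\n' "$1" "$2" >> "$FCAPS_MANIFEST"
    fcaps_apply "$1" "$2" || true
}

# pkg_postinst phase: re-check every remembered file, retry once, and
# fall back to suid only when capabilities still cannot be set.
# Prints "caps <file>" or "suid <file>" for each manifest entry.
fcaps_postinst() {
    while IFS="$TAB" read -r caps file; do
        [ -n "$file" ] || continue
        if [ -n "$("$GETCAP" "$file" 2>/dev/null)" ] ||
           fcaps_apply "$caps" "$file" || fcaps_apply "$caps" "$file"; then
            chmod u-s "$file"      # capabilities are in place: no suid bit
            echo "caps $file"
        else
            chmod u+s "$file"      # last resort: keep the program working
            echo "suid $file"
        fi
    done < "$FCAPS_MANIFEST"
}
```

Because the manifest is a file rather than a shell variable, it can travel inside a binary package and be replayed on the machine where the package is finally merged.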