From: "Alon Bar-Lev"
To: gentoo-dev@lists.gentoo.org
Date: Sun, 23 Mar 2008 20:45:24 +0200
Subject: Re: [gentoo-dev] [SECURITY] Minimizing the suid usage
Message-ID: <9e0cf0bf0803231145g350fc47ai6747e3a4067a7f3a@mail.gmail.com>
In-Reply-To: <20080323183420.0189116e@snowcone>

On 3/23/08, Ciaran McCreesh wrote:
> > Why? A simple USE flag should be enough, if set use caps, if not use
> > current.
> >
> A user turns the use flag on, the ebuild creates files using caps
> rather than set*id, the package manager merges it by copying the file
> and the installed file ends up with no caps and no set*id bit.

File system attributes are already supported for selinux.
I also checked this with capabilities and it works with portage.

Alon.
--
gentoo-dev@lists.gentoo.org mailing list