-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 02/22/2016 04:59 PM, Noah Meyerhans wrote:
> Thanks. In the meantime, I've submitted 815566 against libcap2-bin
> requesting that it be raised to Priority: important to match
> iputils and systemd, which is the right solution hered.
Probably a good idea to do that, thanks!
>> I would still highly discourage from using setuid anymore anyway
>> for the well-known security issues it has [1]. I mean, setuid is
>> one of the main reason capabilities were introduced to the Linux
>> kernel in the first place.
>
> As long as it's possible for Debian systems to work on kernels that
> don't support capabilities, I want to keep the suid fallback in
> place, especially if it's only actually used under custom
> configurations.
I didn't say you should remove setuid altogether. I just said you should
use capabilties on Linux by default by setting:
Depends: libcap2-bin [linux-any]
I'm aware we can't use capabilities on the non-Linux kernels yet, but
since dpkg allows us to set dependencies per arch or per kernel, I don't
see any particular problem adding libcap2-bin as to Depends for Linux
kernels.
Adrian
- --
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - [email protected]
`. `' Freie Universitaet Berlin - [email protected]
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWy2xlAAoJEHQmOzf1tfkT3R4P/isqmu1APaSecpJqH7uTW7X+
fCEmSd4FBglVJy+jYQ2vJinkR04ZYlvUELOkmqUIQk/juPbLBZN695LHhjuWFTCX
LL8NraJguvFqzPfx0OkESLe14sAf5CXcg++LLzOQnJ/SpScRbaEa/62ZRdufonj9
17+OlsMAvrSEQtoj6Al3hQEQiH6aseHgD8tyCpq79xIpAgC8UUeA6ETOYMZLFu/b
YyuQ9w9YvupeUv1vI8ic4b4UgCCAq+oW7gpF8XyHMnJGMM/dIWtPYa75jNHn9JcE
2QKzQ7TEllrLSmMW8I7dk0VCAiq2fl0B8sPt05IUk2TOzowJk7Cd/UljYmPG4Xx0
NlonR7qP3lzAIsMxDuxSxpRZk4SUC1q1UHDLcRLHkDj4iXoYcsF3F0Ud200b6SsF
VNQVftjgMJESoEDklYtIPn7zgdkSjp5rGDFnLxzyc8Ya/qX6EBEBh7pvyP5qMjir
W/EaGvPfg8qYqbNxV0f8YhRZkGg+jpL8onfMNwXEsn2LJkFmFpoztKVpHKMpcw6K
UNte8uxQpp4HS9qu95/qSbK2u3ZstT7YNEjSr3EOigrJpWsMakm45KwjczzTYYjR
4L7A9G8qdtdHztgXgJ9+NLSPUHS94SUqgxkA/1mKaCL4uqt7wUUztUK2fNHcsjoX
Y/IQRIF0ePiN8lSSLmZj
=+YrK
-----END PGP SIGNATURE-----
