Re: Setting file capabilites of files shipped in binary packages

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Setting file capabilites of files shipped in binary packages
From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
Date: Mon, 14 Mar 2011 15:43:35 +0200
Message-id: <[🔎] 84sjupu8ag.fsf@sauna.l.org>
In-reply-to: <[🔎] 20110313195606.GA8419@chough.tokkee.org> (Sebastian Harl's message of "Sun, 13 Mar 2011 20:56:07 +0100")
References: <[🔎] 20110313195606.GA8419@chough.tokkee.org>

Sebastian Harl <tokkee@debian.org> writes:
> Imho, setting the file capability is a nicer approach than setting the
> setuid bit.

Do you know about any lurking bugs (in udev, dbus, etc?) that could
allow one to escalate CAP_NET_RAW to full root privileges in regular
squeeze installations?

Reply to:

References:
- Setting file capabilites of files shipped in binary packages
  - From: Sebastian Harl <tokkee@debian.org>

Prev by Date: Re: Re: Mirror problems?
Next by Date: Re: Setting file capabilites of files shipped in binary packages
Previous by thread: Re: Setting file capabilites of files shipped in binary packages
Next by thread: Bug#618272: ITP: libperlio-gzip-perl -- module providing a PerlIO layer to gzip/gunzip
Index(es):
- Date
- Thread