* Stephan Seitz <stse+debian@fsing.rootsland.net>, 2014-03-07, 15:25:
But I think capabilities are a safer solution than s-bit.
Maybe, maybe not. Many capabilities, including CAP_SYS_PTRACE, can be easily elevated to full root.
Adding capabilities to software that wasn't specifically designed to deal with them is a bad idea.
-- Jakub Wilk