Re: Bits from the Security Team

* Stephan Seitz <stse+debian@fsing.rootsland.net>, 2014-03-07, 15:25:

But I think capabilities are a safer solution than s-bit.

Maybe, maybe not. Many capabilities, including CAP_SYS_PTRACE, can beeasily elevated to full root.

Adding capabilities to software that wasn't specifically designed todeal with them is a bad idea.


--
Jakub Wilk

Reply to:

References:
- Re: Bits from the Security Team
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Bits from the Security Team
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Bits from the Security Team
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Bits from the Security Team
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>
- Re: Bits from the Security Team
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: Bits from the Security Team
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>