Bug#409657: marked as done (libcap-bin, linux-2.6: setting capabilities does not work with Debian kernels)
Debian Bug Tracking System wrote:
> Your message dated Sun, 4 Feb 2007 17:37:22 +0100
> with message-id <20070204163722.GA10803@wavehammer.waldi.eu.org>
> and subject line Bug#409657: libcap-bin, linux-2.6: setting capabilities does not work with Debian kernels
> has caused the attached Bug report to be marked as done.
>
> This means that you claim that the problem has been dealt with.
> If this is not the case it is now your responsibility to reopen the
> Bug report if necessary, and/or fix the problem forthwith.
>
> (NB: If you are a system administrator and have no idea what I am
> talking about this indicates a serious mail system misconfiguration
> somewhere. Please contact me immediately.)
>
> Debian bug tracking system administrator
> (administrator, Debian Bugs database)
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> libcap-bin, linux-2.6: setting capabilities does not work with Debian
> kernels
> From:
> Aurelien Jarno <aurel32@debian.org>
> Date:
> Sun, 04 Feb 2007 16:55:51 +0100
> To:
> Debian Bug Tracking System <submit@bugs.debian.org>
>
>
> Package: libcap-bin,linux-2.6
> Severity: grave
> Justification: renders package unusable
>
> The Debian kernels do not give the CAP_SETPCAP capability to the root
> user, so the utilities in libcap-bin are not usable.
>
> In my case this is a problem since the 2.6.18 kernel has added
> /dev/net/tun to the CAP_SYS_ADMIN list. This means only the root user can
> access this file, whatever the permissions of this file are. setpcaps or
> sucap can't change that. This is a regression from the 2.6.17 kernel.
>
>
> -- System Information:
> Debian Release: 4.0
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-3-amd64
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: Bug#409657: libcap-bin, linux-2.6: setting capabilities does not
> work with Debian kernels
> From:
> Bastian Blank <waldi@debian.org>
> Date:
> Sun, 4 Feb 2007 17:37:22 +0100
> To:
> 409657-done@bugs.debian.org
>
>
> On Sun, Feb 04, 2007 at 04:55:51PM +0100, Aurelien Jarno wrote:
>> The Debian kernels do not give the CAP_SETPCAP capability to the root
>> user, so the utilities in libcap-bin are not usable.
>
> It was never available.
That still makes the libcap-bin package unusable. Why ship such a
package? If this can't be fixed in the kernel, the libcap-bin package
should be removed.
>> In my case this is a problem since the 2.6.18 kernel has added
>> /dev/net/tun to the CAP_SYS_ADMIN list. This means only the root user can
>> access this file, whatever the permissions of this file are. setpcaps or
>> sucap can't change that. This is a regression from the 2.6.17 kernel.
>
> Incorrect. There was a security fix. Now only CAP_SYS_ADMIN is allowed to
> create new devices.
>
> Anyway. Nothing here is a bug. CAP_SETPCAP was never available and
> the proposed permissions for this device were 700 before this change (now
> they are 666), so no regression.
Before it was possible to set the permission manually to 666. This does
not work anymore.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
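
Whether a process actually holds CAP_SETPCAP or CAP_SYS_ADMIN, the two capabilities argued over in this thread, can be read from the masks in /proc/<pid>/status. The following is an added example, not part of the original messages; the function names are hypothetical and both sample status texts are constructed, the first modelling a root process whose mask lacks CAP_SETPCAP.

```python
import re

# Bit numbers from <linux/capability.h> for the capabilities named in the thread.
CAP_BITS = {"CAP_SETPCAP": 8, "CAP_SYS_ADMIN": 21}

def parse_cap_masks(status_text):
    """Return {'CapInh': int, 'CapPrm': int, 'CapEff': int, ...} from status text."""
    masks = {}
    for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", status_text, re.M):
        masks[m.group(1)] = int(m.group(2), 16)
    return masks

def holds(mask, cap_name):
    """True if the bit for cap_name is set in the capability mask."""
    return bool((mask >> CAP_BITS[cap_name]) & 1)

def report(status_text, which="CapEff"):
    """Map each capability of interest to whether the chosen set contains it."""
    masks = parse_cap_masks(status_text)
    if which not in masks:
        raise ValueError("no %s line in status text" % which)
    return {name: holds(masks[which], name) for name in CAP_BITS}

# Constructed sample: uid 0 with every capability except bit 8 (CAP_SETPCAP).
SAMPLE_ROOT_NO_SETPCAP = (
    "Name:\tbash\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000fffffeff\n"
    "CapEff:\t00000000fffffeff\n"
)

# Constructed sample: unprivileged user, empty capability sets.
SAMPLE_UNPRIVILEGED = (
    "Name:\tbash\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n"
)

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:  # live data on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE_ROOT_NO_SETPCAP          # fall back to the constructed sample
    for name, present in sorted(report(text).items()):
        print("%-14s %s" % (name, "held" if present else "missing"))
```
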