F17: DirectFB
Adam Jackson
ajax at redhat.com
Wed Aug 29 19:16:10 UTC 2012
On 8/29/12 3:06 PM, Miloslav Trmač wrote:
> On Wed, Aug 29, 2012 at 8:33 PM, Tom Callaway <tcallawa at redhat.com> wrote:
>> I made an updated package (1.6.1) that has these fixes applied and sets
>> the CAP_SYS_TTY_CONFIG capability to the dfbinfo binary. (Other DirectFB
>> binaries probably need the same magic, but as I am not a DirectFB user,
>> I can't really say which ones.)
>
> Per http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 , giving the
> program CAP_SYS_TTY_CONFIG is basically equivalent to making it
> setuid-root. Was the code designed to be run in such a risky setup?
Capabilities: still useless.
- ajax
More information about the devel
mailing list