RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)

Jason L Tibbitts III tibbs at math.uh.edu
Fri Oct 29 03:15:51 UTC 2010


>>>>> "JN" == Joe Nall <joe at nall.com> writes:

JN> On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote:

>> More to the point, I can easily see the setuid bit easily on a
>> binary.
>> How do I tell if these strange/hidden "capabilities" are
>> present on a binary?  'ls' doesn't mention anything.

JN> getcap

Interesting.  That's in the libcap package, which is sort of oddly named
because it includes executables.  And of course it's multilib, but the
binaries are arch-specific which I believe is a multilib conflict.
Probably needs the executables split out into a libcap-tools package.

I notice that rpm supports that %caps() directive in the %files list to
specify capabilities.  I don't recall seeing that before; how long ago
did rpm grow support for it?  It looks like it came in around rpm 4.7,
so all supported Fedora releases have it.  However, I'm certain it's not
in RHEL4 and I'm pretty sure it's not in RHEL5 either, so at least the
EPEL folks will need to make a note of it.

 - J<
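
What getcap reports is stored in the file's `security.capability` extended attribute, which is why `ls` shows nothing. The following is an added example, not part of the original message and not libcap's code: it decodes that attribute and lists files that are setuid or carry capabilities. It assumes Linux; the capability name table is partial and `SAMPLE_XATTR` is a constructed value.

```python
import os
import stat
import struct

# Constants from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> u32 pairs
# Partial name table; unlisted bits are shown as cap_<number>
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}
# Constructed sample: revision 2, effective flag set, permitted = cap_net_raw
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000001, 1 << 13, 0, 0, 0)

def _names(mask):
    return [CAP_NAMES.get(n, f"cap_{n}") for n in range(64) if mask >> n & 1]

def decode_caps(raw):
    """Decode a security.capability xattr value (little-endian vfs_cap_data)."""
    magic = int.from_bytes(raw[:4], "little")
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated capability xattr")
    permitted = inheritable = 0
    for i in range(pairs):  # pair i holds capability bits 32*i .. 32*i+31
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(permitted), "inheritable": _names(inheritable)}

def audit(root):
    """List regular files under root that are setuid or carry capabilities."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files):
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode):
                    continue
                if mode & stat.S_ISUID:
                    findings.append((path, "setuid", None))
                raw = os.getxattr(path, "security.capability")
                findings.append((path, "caps", decode_caps(raw)))
            except (OSError, ValueError):
                continue  # no xattr, unreadable file, or malformed value
    return findings
```

Calling `audit("/usr/bin")` returns one tuple per finding, so a setuid file and a capability-bearing file show up in the same report.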

