Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!
Daniel P. Berrange
berrange at redhat.com
Fri Oct 29 08:56:15 UTC 2010
On Thu, Oct 28, 2010 at 11:08:00PM +0100, Richard W.M. Jones wrote:
> On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
> > On 10/28/2010 01:11 AM, Kevin Fenzi wrote:
> >
> > * #480 F15Feature - RemoveSETUID (
> > http://fedoraproject.org/wiki/Features/RemoveSETUID ) (nirik,
> > 19:15:16)
> > * AGREED: the feature is approved. (nirik, 19:26:46)
> >
> >
> > This feature is now approved and I see bugs get filed. The documentation
> > and guidelines are very incomplete. How does one figure out which file
> > capabilities are needed by the programs I maintain that currently use
> > setuid? Help, please.
>
> More to the point, I can easily see the setuid bit easily on a binary.
>
> How do I tell if these strange/hidden "capabilities" are present on a
> binary? 'ls' doesn't mention anything.
You want the libcap-ng-utils RPMs which provides a bunch of useful tools
for this, filecap, netcap, pscap, etc. See also
http://people.redhat.com/sgrubb/libcap-ng/index.html
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the devel
mailing list