[arch-general] file system capabilities

Gerardo Exequiel Pozzi vmlinuz386 at yahoo.com.ar
Wed Nov 4 10:34:15 EST 2009


Daenyth Blank wrote:
> On Wed, Nov 4, 2009 at 10:14, Daenyth Blank <daenyth+arch at gmail.com> wrote:
>   
>> On Wed, Nov 4, 2009 at 10:12, Shridhar Daithankar
>> <ghodechhap at ghodechhap.net> wrote:
>>     
>>> so can this be done by default? thus reducing setuid usage? it should improve
>>> security right?
>>>
>>>       
>> This should probably go on the bug tracker as a feature request.
>>
>>     
>
> Actually, the article states that not all file systems support this,
> so I don't think that it should be put in as the default. I think that
> it deserves mention on the wiki, however.
>
>   
I wrote an article in the wiki [#1] some time ago, for all common
setuids in core packages and xorg about this.
Some will fail and make things more unsafe than safer (like mount).


[#1]
http://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid

-- 
Gerardo Exequiel Pozzi ( djgera )
http://www.djgera.com.ar
KeyID: 0x1B8C330D
Key fingerprint = 0CAA D5D4 CD85 4434 A219  76ED 39AB 221B 1B8C 330D


