Talk:Features/RemoveSETUID: Difference between revisions

Revision as of 16:29, 30 October 2010

It would be good to add some documentation here about the existing capabilities, and how to find out which ones are needed for a concrete binary. Also, how do we deal with random runtime breakage if packagers get it wrong ? Is there some testplan ? --mclasen 19:26, 27 October 2010 (UTC)

I also would like to see the HOWTO on determining required capabilities. Peter Lemenkov 16:38, 29 October 2010 (UTC)

I dispute the comment that "user experience" would stay the same with this feature. "ls -l" does not show the capabilities, so auditing this becomes more complicated. Because of this, a sysadmin may disable capabilities entirely, leaving these no-longer-setuid programs dead. Fche 16:29, 30 October 2010 (UTC)

@@ Line 1: / Line 1: @@
 It would be good to add some documentation here about the existing capabilities, and how to find out which ones are needed for a concrete binary. Also, how do we deal with random runtime breakage if packagers get it wrong ? Is there some testplan ? --[[User:Mclasen|mclasen]] 19:26, 27 October 2010 (UTC)
 : I also would like to see the HOWTO on determining required capabilities. [[User:Peter|Peter Lemenkov]] 16:38, 29 October 2010 (UTC)
+I dispute the comment that "user experience" would stay the same with this feature.
+"ls -l" does not show the capabilities, so auditing this becomes more complicated.
+Because of this, a sysadmin may disable capabilities entirely, leaving these no-longer-setuid
+programs dead.
+[[User:Fche|Fche]] 16:29, 30 October 2010 (UTC)

Search

Talk:Features/RemoveSETUID: Difference between revisions

Revision as of 16:29, 30 October 2010