[RndTbl] Linux capabilities vs setuid-root
Trevor Cordes
trevor at tecnopolis.ca
Tue Sep 15 20:23:07 CDT 2015
On 2015-09-09 Gilbert E. Detillieux wrote:
> I mentioned Linux capabilities (setcap/getcap commands) briefly
> during last night's round-table session, and Trevor mentioned that he
> thought that recent Fedora releases had eliminated the use of
> setuid-root binaries in favour of capabilities-based binaries.
> (That's the stated goal, in any case.)
Ya, I thought it over and checked my system and it turns out I was
thinking about suid scripts; perl in particular. An update or two ago
they got rid of suid perl completely, as in made it impossible, and I
had to scramble to get some things to work by using sudoers (not
capabilities). I guess caps are the next Big Thing. I'll wait until
they disable sudoers... (yes Adam, *BSD, grumble grumble.)
More information about the Roundtable
mailing list