[ubuntu-hardened] File Posix Capabilities in Jaunty
Michal Zimen
michal.zimen at gmail.com
Fri Mar 13 07:41:53 GMT 2009
Hi Kees,
I mean capabilities described for example in this article:
http://www.friedhoff.org/posixfilecaps.html
It would be better to have system without SUID executable files. Afterall,
it is not so complicated:)
Michal
On Thu, Mar 12, 2009 at 6:46 PM, Kees Cook <kees at ubuntu.com> wrote:
> Hi Michal,
>
> On Thu, Mar 12, 2009 at 11:27:56AM +0100, Michal Zimen wrote:
> > Would be in Jaunty release used File POSIX Capabilities by default ?
> > I found in Intrepid only libcap2-bin package but there is no pam module
> > for capabilities.
>
> What is needed for PAM? There is a long-lost patch to pam_limits to allow
> capability-fiddling-syntax, but I would assume that's not what you're
> looking for?
>
> Is there a specific patch you're interested in for PAM?
>
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>
--
--mizu--
"Every man dies; not every man really lives."
--William Wallace**, Braveheart
** Who certainly would have voted Fera, if he lived again [
http://volimfera.blogspot.com] **
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20090313/b8666ca3/attachment.htm
More information about the ubuntu-hardened
mailing list