Hi Kees,<br><br>I mean capabilities described for example in this article:<br> <a href="http://www.friedhoff.org/posixfilecaps.html">http://www.friedhoff.org/posixfilecaps.html</a><br><br><br>It would be better to have system without SUID executable files. Afterall, it is not so complicated:)<br>
<br><br>Michal<br><br><br><br><div class="gmail_quote">On Thu, Mar 12, 2009 at 6:46 PM, Kees Cook <span dir="ltr"><<a href="mailto:kees@ubuntu.com">kees@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Michal,<br>
<div class="im"><br>
On Thu, Mar 12, 2009 at 11:27:56AM +0100, Michal Zimen wrote:<br>
> Would be in Jaunty release used File POSIX Capabilities by default ?<br>
> I found in Intrepid only libcap2-bin package but there is no pam module<br>
> for capabilities.<br>
<br>
</div>What is needed for PAM? There is a long-lost patch to pam_limits to allow<br>
capability-fiddling-syntax, but I would assume that's not what you're<br>
looking for?<br>
<br>
Is there a specific patch you're interested in for PAM?<br>
<br>
-Kees<br>
<font color="#888888"><br>
--<br>
Kees Cook<br>
Ubuntu Security Team<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>--mizu--<br><br>"Every man dies; not every man really lives."<br> --William Wallace**, Braveheart <br> ** Who certainly would have voted Fera, if he lived again [<a href="http://volimfera.blogspot.com">http://volimfera.blogspot.com</a>] **<br>