-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/22/2016 04:59 PM, Noah Meyerhans wrote: > Thanks. In the meantime, I've submitted 815566 against libcap2-bin > requesting that it be raised to Priority: important to match > iputils and systemd, which is the right solution hered.
Probably a good idea to do that, thanks! >> I would still highly discourage from using setuid anymore anyway >> for the well-known security issues it has [1]. I mean, setuid is >> one of the main reason capabilities were introduced to the Linux >> kernel in the first place. > > As long as it's possible for Debian systems to work on kernels that > don't support capabilities, I want to keep the suid fallback in > place, especially if it's only actually used under custom > configurations. I didn't say you should remove setuid altogether. I just said you should use capabilties on Linux by default by setting: Depends: libcap2-bin [linux-any] I'm aware we can't use capabilities on the non-Linux kernels yet, but since dpkg allows us to set dependencies per arch or per kernel, I don't see any particular problem adding libcap2-bin as to Depends for Linux kernels. Adrian - -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWy2xlAAoJEHQmOzf1tfkT3R4P/isqmu1APaSecpJqH7uTW7X+ fCEmSd4FBglVJy+jYQ2vJinkR04ZYlvUELOkmqUIQk/juPbLBZN695LHhjuWFTCX LL8NraJguvFqzPfx0OkESLe14sAf5CXcg++LLzOQnJ/SpScRbaEa/62ZRdufonj9 17+OlsMAvrSEQtoj6Al3hQEQiH6aseHgD8tyCpq79xIpAgC8UUeA6ETOYMZLFu/b YyuQ9w9YvupeUv1vI8ic4b4UgCCAq+oW7gpF8XyHMnJGMM/dIWtPYa75jNHn9JcE 2QKzQ7TEllrLSmMW8I7dk0VCAiq2fl0B8sPt05IUk2TOzowJk7Cd/UljYmPG4Xx0 NlonR7qP3lzAIsMxDuxSxpRZk4SUC1q1UHDLcRLHkDj4iXoYcsF3F0Ud200b6SsF VNQVftjgMJESoEDklYtIPn7zgdkSjp5rGDFnLxzyc8Ya/qX6EBEBh7pvyP5qMjir W/EaGvPfg8qYqbNxV0f8YhRZkGg+jpL8onfMNwXEsn2LJkFmFpoztKVpHKMpcw6K UNte8uxQpp4HS9qu95/qSbK2u3ZstT7YNEjSr3EOigrJpWsMakm45KwjczzTYYjR 4L7A9G8qdtdHztgXgJ9+NLSPUHS94SUqgxkA/1mKaCL4uqt7wUUztUK2fNHcsjoX Y/IQRIF0ePiN8lSSLmZj =+YrK -----END PGP SIGNATURE-----