On Tue, Sep 01, 2009 at 12:24:23AM -0400, Yaroslav Halchenko wrote: > do you mean that executables with any capabilities (or even just > cap_sys_nice) set are considered insecure and LD_PRELOAD is explicitly > disallowed so LD_PRELOAD of fakeroot library fails?
Yes, it is the same as with setuid/setgid programs. The point is that otherwise you could make a preload library to exploit any capability by subverting one of the functions used by a privileged binary. I'm not sure how fakeroot-ng interacts with capabilities, but perhaps it is more suitable for your use case. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
