On Tue, 01 Sep 2009, Clint Adams wrote:
> On Tue, Sep 01, 2009 at 12:24:23AM -0400, Yaroslav Halchenko wrote:
> > do you mean that executables with any capabilities (or even just
> > cap_sys_nice) set are considered insecure and LD_PRELOAD is explicitly
> > disallowed so LD_PRELOAD of fakeroot library fails?
> Yes, it is the same as with setuid/setgid programs. The point is
> that otherwise you could make a preload library to exploit any
> capability by subverting one of the functions used by a privileged
> binary.
> I'm not sure how fakeroot-ng interacts with capabilities, but
> perhaps it is more suitable for your use case.
hm... it seems to be doing find:
$> fakeroot python --version
ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded:
ignored.
Python 2.5.4
$> fakeroot-ng python --version
Python 2.5.4
cool -- thanks for the hint... seems to remain working fine within
dpkg-buildpackage ;)
I just wonder now what to do with the bug -- apparently it is a feature ;) but
may be error message could be made more informative/relevant?
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
