On 8/29/12 3:06 PM, Miloslav Trmač wrote:
On Wed, Aug 29, 2012 at 8:33 PM, Tom Callaway <tcall...@redhat.com> wrote:
I made an updated package (1.6.1) that has these fixes applied and sets
the CAP_SYS_TTY_CONFIG capability to the dfbinfo binary. (Other DirectFB
binaries probably need the same magic, but as I am not a DirectFB user,
I can't really say which ones.)
Per http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 , giving the
program CAP_SYS_TTY_CONFIG is basically equivalent to making it
setuid-root. Was the code designed to be run in such a risky setup?
Capabilities: still useless.
- ajax
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
