On Thu, 5 Mar 2015, Andy Lutomirski wrote:
> > Yes due to the library issues.
>
> You can't LD_PRELOAD and fP together. And I'm still unconvinced that
> ambient caps can ever be safe in conjunction with fP. I'll grill you
> next week on what you're trying to do that makes you want this :)
>From the ld.so manpage:
LD_PRELOAD
A whitespace-separated list of additional, user-specified, ELF
shared
libraries to be loaded before all others. This can be used to
selec‐
tively override functions in other shared libraries. For
setuid/set‐
gid ELF binaries, only libraries in the standard search
directories
that are also setgid will be loaded.
So this mechanism has not been made to work for binaries with caps? We
have to keep using setuid?
