On Wed, 21 Nov 2007 11:10:51 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> Quoting Andrew Morton ([EMAIL PROTECTED]):
> > On Sat, 17 Nov 2007 21:25:27 -0800 Andrew Morgan <[EMAIL PROTECTED]> wrote:
> >
> > > The attached patch (171282b3553fcec43b9ab615eb7daf6c2b494a87) applies
> > > against 2.6.24-rc2-mm1. It addresses the problem reported by Kevin and
> > > Andy - ultimately, the legacy support wasn't transparent. In particular,
> > > userspace 32-bit capability manipulations (when run by root) that used
> > > to work, without this patch, fail.
> >
> > My venerable FC1 machine says
> >
> > warning: process `zsh' gets w/ old libcap
> > warning: process `zsh' gets w/ old libcap
> > warning: process `zsh' gets w/ old libcap
> >
> > should I be scared?
>
> It should be safe as of Andrew's latest patch. (Before that patch it
> was only unsafe because root's capabilities are just set to {~0,~0} so
> they include invalid capabilities.
>
> Agreed a better error message would be good.
yup
> Would it be inappropriate
> to include the URL for new libcap versions?
I doubt it, really. Anyone who's running anything as old as FC1 won't be
upgrading (and probably couldn't find a package to upgrade to).
Or does "old libcap" here refer to all the versions whcih are deployed
today? If so then we should jsut kill the message. ot at least make it a
once-per-boot thing.
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
