Dr. Werner Fink changed bug 1004049
What Removed Added
CC   lnussel@suse.com

Comment # 7 on bug 1004049 from 
(In reply to Marcus Meissner from comment #6)

Hmm ... pty usage should be possible for progams which depends on pty. Not only
xterm, konsole lxterminal. gnome-terminal, but also screen and socat and some
other programs do depend on that.  You can not use screen and socat without.

Btw. for /usr/bin/ping and /usr/bin/ping6 I've set cap_net_raw+ep as otherwise
those two programs are useless and should not stay below /usr/bin/ but in
/usr/sbin/.

IMHO this requires an extension of the concept of /etc/permissions to be able
to set capabilities ... with this we might remove capabilities in the secure
and paranoid, but add them in default and/or easy. Such an extension coould be


  # Format: 
  # <file> <owner>:<group> <permission> [<capabilit(y/ies)>]

that means an optional fourth column to set capabilities or if absent to remove
any capabilities

You are receiving this mail because: