https://bugzilla.novell.com/show_bug.cgi?id=645423 https://bugzilla.novell.com/show_bug.cgi?id=645423#c5 --- Comment #5 from Sebastian Krahmer <krahmer@novell.com> 2010-10-26 11:32:14 UTC --- The problem with their patch is that they do not check for valid return values. Even though the patch is from the cap-ng author itself. I'd propose something like (not in patch format): #ifdef USE_FILE_CAPS if (uid != geteuid()) { fprintf(stderr, "ping running setuid but compiled with fscaps!\n"); exit(-1); } if ((caps = cap_get_proc()) == NULL) { perror("capget"); exit(2); } if (cap_clear(caps) != 0) { perror("cap_clear"); exit(2); } if (cap_set_proc(caps) != 0) { perror("cap_set_proc"); exit(2); } cap_free(caps); #else if (setuid(uid)) { perror("ping: setuid"); exit(-1); } #endif And thats basically the same for all network tools. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.