https://bugzilla.novell.com/show_bug.cgi?id=645423 https://bugzilla.novell.com/show_bug.cgi?id=645423#c1 --- Comment #1 from Cristian Morales Vega <cmorve69@yahoo.es> 2010-10-13 11:44:55 UTC --- Created an attachment (id=394660) --> (http://bugzilla.novell.com/attachment.cgi?id=394660) Add support for fscaps to chkstat Saw there is a feature opened about this: #307254. Ludwig commented "we need a mechanism that handles fscaps similar to /etc/permissions". So I created a patch for chkstat to support also fscaps (they are inserted after normal permissions in the cap_from_text() format). For sure it could be improved, and checkpermissionfiles.pl should be also adapted (sorry, I don't speak perl), but seems to do the work. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=645423 https://bugzilla.novell.com/show_bug.cgi?id=645423#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2010-10-18 13:23:06 CEST --- (In reply to comment #1)

Created an attachment (id=394660) --> (http://bugzilla.novell.com/attachment.cgi?id=394660) [details] Add support for fscaps to chkstat

Cool. I was just about to look into this myself. I'm not sure yet what's better, add an extra column or just use separate lines? There have been requests to add acl support too which gets kind of messy when using extra columns. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=645423 https://bugzilla.novell.com/show_bug.cgi?id=645423#c5 --- Comment #5 from Sebastian Krahmer <krahmer@novell.com> 2010-10-26 11:32:14 UTC --- The problem with their patch is that they do not check for valid return values. Even though the patch is from the cap-ng author itself. I'd propose something like (not in patch format): #ifdef USE_FILE_CAPS if (uid != geteuid()) { fprintf(stderr, "ping running setuid but compiled with fscaps!\n"); exit(-1); } if ((caps = cap_get_proc()) == NULL) { perror("capget"); exit(2); } if (cap_clear(caps) != 0) { perror("cap_clear"); exit(2); } if (cap_set_proc(caps) != 0) { perror("cap_set_proc"); exit(2); } cap_free(caps); #else if (setuid(uid)) { perror("ping: setuid"); exit(-1); } #endif And thats basically the same for all network tools. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=645423 https://bugzilla.novell.com/show_bug.cgi?id=645423#c7 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #7 from Ludwig Nussel <lnussel@novell.com> 2010-11-05 09:43:38 CET --- I've updated iputils in network:utilities with a better patch. Someone just needs to submit it to Factory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.