On 29/04/13 17:22, Joerg Schilling wrote:
Nikos Chantziaras <rea...@gmail.com> wrote:
You don't know what my intentions are. I might be doing testing,
debugging, who knows what. It's the "trying to be smarter than the
user" thing. The defaults of course would be to built the software in a
sane, secure way. Only users who know what they're doing would disable
that, and they'd have their reasons.
Would you call someone who shoots himself into the foot "smart"?
Recent Linux kernels support fcaps in the filesystems and "somebody" evil, who
knows what he does may even set up fcaps on executable files when the related
support-software is not installed, just because the unstable kernel interfaces
are accessible from libc.
Do you like people to be able to open security holes?
You don't know what my intentions are and why I want to disable libcap.
I have my reasons. This happens because it is actually possible to
disable it.
If you really don't like that, then you should probably make libcap
mandatory. Assume it's there, and if it's not, the user should get
compile errors.
But as long as it's not mandatory, I have my reasons why I would want to
disable it, just as I have my reasons why I would want to explicitly
enable it. What if autodetection fails? If I use the appropriate
"enable libcap" flag, and libcap is not there, or it's broken, or
whatever, I don't want to get a build that's now insecure. I want the
build to abort with a big, fat error.
I think you're too used to binary distros and Solaris to appreciate the
different requirements of source-based distros :-)