Date: Sunday, October 16, 2022 @ 12:47:04 Author: dvzrv Revision: 458249
Configure using --with-fcaps. Without the configure option newuidmap and newgidmap are still setuid and setgid (respectively). The change to apply capabilities to the binaries in an .install file has been implemented with https://bugs.archlinux.org/task/63248 but since then the binaries were still built with setuid/setgid. Modified: shadow/trunk/PKGBUILD ----------+ PKGBUILD | 1 + 1 file changed, 1 insertion(+) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-10-16 12:20:17 UTC (rev 458248) +++ PKGBUILD 2022-10-16 12:47:04 UTC (rev 458249) @@ -73,6 +73,7 @@ --mandir=/usr/share/man \ --sysconfdir=/etc \ --disable-account-tools-setuid \ + --with-fcaps \ --with-libpam \ --with-group-name-max-length=32 \ --with-audit \
