Package: checksecurity Version: 2.0.15 Severity: wishlist Dear Maintainer,
As packages (e.g. iputils) transition from setuid to file capabilities, so should checksecurity. Worse, not detecting capabilities means that they can be used as a stealth mechanism against checksecurity and some capabilities (e.g. CAP_SETUID) are realistically equivalent to setuid root. So checksecurity currently gives a false sense of security. Unfortunately GNU findutils (used to implement checksecurity) do not seem to support searching for capabilities. Is there any other tool, that could fill this gap? Helmut -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
