* Alessandro Selli: > Beep is installed SUID root in Debian Wheezy. This is > unnecessary. In order to overcome tty ioctl issue, expecially when > running in an Xterm, these capabilities should instead be set to the > /usr/bin/beep executable:
> CAP_DAC_OVERRIDE,CAP_SYS_TTY_CONFIG=ep CAP_DAC_OVERRIDE is essentially root-equivalent. It allows snooping passwords entered on TTYs, for example, or read key material from the disk which can then be used to impersonate users and services. So I'm doubtful this adds much security, especially if beep already drops privileges early (which I haven't checked). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
