Package: login Version: 1:4.8.1-1 Followup-For: Bug #827479 Hello,
The executables installed by newgrp and uidmap are still today setuid instead of using capabilities When looking at the build system, it seems tha the newuidmap and newgidmap are actually meant use the file capabilities instead of being setuid: src/Makefile.am: setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap src/Makefile.am: setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-4-amd64 (SMP w/8 CPU threads) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy Versions of packages login depends on: ii libaudit1 1:3.0-2 ii libc6 2.31-9 ii libcrypt1 1:4.4.17-1 ii libpam-modules 1.4.0-6 ii libpam-runtime 1.4.0-6 ii libpam0g 1.4.0-6 login recommends no packages. login suggests no packages. -- no debconf information