On Tue, Jun 20, 2006 at 08:49:41PM +0900, Georgi Georgiev wrote: > > Could upstream have handled it better? Yes, most definitely. Did they? > > No, not yet. We're stuck picking up the pieces. > What does upstream have to do with the decision to "chmod u+s,go-r > /usr/bin/gpg" or not? If using a kernel older than 2.6.9, and capabilities support is in the kernel, using capabilities is only way to avoid needing to grant full setuid to the binary. For kernels newer than 2.6.9, there is another API as well.
By handling it better, I mean that the code should at runtime try both interfaces, rather than pick one to compile into the binary. -- Robin Hugh Johnson E-Mail : [EMAIL PROTECTED] GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Description: PGP signature