On Tue, Jun 20, 2006 at 08:49:41PM +0900, Georgi Georgiev wrote:
> > Could upstream have handled it better? Yes, most definitely. Did they?
> > No, not yet. We're stuck picking up the pieces.
> What does upstream have to do with the decision to "chmod u+s,go-r
> /usr/bin/gpg" or not?
If using a kernel older than 2.6.9, and capabilities support is in the
kernel, using capabilities is only way to avoid needing to grant full
setuid to the binary. For kernels newer than 2.6.9, there is another
API as well.

By handling it better, I mean that the code should at runtime try both
interfaces, rather than pick one to compile into the binary.

Robin Hugh Johnson
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

Attachment: pgpjNJVZuaUar.pgp
Description: PGP signature

Reply via email to