Andrew Morton wrote:
> On Wed, 21 Nov 2007 11:10:51 -0600
> "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
>
>> Quoting Andrew Morton ([EMAIL PROTECTED]):
>>> On Sat, 17 Nov 2007 21:25:27 -0800 Andrew Morgan <[EMAIL PROTECTED]> wrote:
>>>
>>>> The attached patch (171282b3553fcec43b9ab615eb7daf6c2b494a87) applies
>>>> against 2.6.24-rc2-mm1. It addresses the problem reported by Kevin and
>>>> Andy - ultimately, the legacy support wasn't transparent. In particular,
>>>> userspace 32-bit capability manipulations (when run by root) that used
>>>> to work, without this patch, fail.
>>> My venerable FC1 machine says
>>>
>>> warning: process `zsh' gets w/ old libcap
>>> warning: process `zsh' gets w/ old libcap
>>> warning: process `zsh' gets w/ old libcap
>>>
>>> should I be scared?
>> It should be safe as of Andrew's latest patch. (Before that patch it
>> was only unsafe because root's capabilities are just set to {~0,~0} so
>> they include invalid capabilities.
>>
>> Agreed a better error message would be good.
>
> yup
>
>> Would it be inappropriate
>> to include the URL for new libcap versions?
>
> I doubt it, really. Anyone who's running anything as old as FC1 won't be
> upgrading (and probably couldn't find a package to upgrade to).
>
> Or does "old libcap" here refer to all the versions whcih are deployed
> today? If so then we should jsut kill the message. ot at least make it a
> once-per-boot thing.
>
>
I am running Ubuntu gutsy, so it's about a month or two old. I think "old"
means libcap 1.x and not old is libcap 2.x (I can't even find a web page for
libcap 2.x, but the 64-bit capability patch indicates that it supports the new
capabilities version).
--
Kevin Winchester
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
