Simon Kelley si...@thekelleys.org.uk writes:
Cristóbal Palmer wrote:
On Thu, Jun 19, 2008 at 3:52 PM, Simon Kelley si...@thekelleys.org.uk
wrote:
There's no order which makes everything work, as far as I can see.
Why not fork a test process which tries the capset? If that fails,
then
Uwe Gansert wrote:
On Thursday 19 June 2008, Simon Kelley wrote:
That's a good idea, even simpler would be to just check that capget()
will work early: that's enough to detect a kernel which doesn't have the
correct support compiled in.
Would that satisfy your security people, Uwe?
I
Matthias Andree wrote:
Or libcap library for that matter. I tried swapping 2.6.25.X underneath
openSUSE 10.2 and ntpd started failing since it uses libcap1 which can't
talk to a new kernel. Awful, and proof that the current Linux 2.6
unstable API development model is crap, but that's not
On Friday 20 June 2008, Simon Kelley wrote:
OK, too late. I picked up Bill's excellent suggestion and ran with it.
Late night last night :-)
that's fine with me :)
http://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.43test8.tar.gz
does the full pipe-back-to-the-parent scheme, it
Uwe Gansert wrote:
On Thursday 19 June 2008, Simon Kelley wrote:
our security team did a review of the dnsmasq package in openSUSE.
This bug: https://bugzilla.novell.com/show_bug.cgi?id=401650 is maybe
worth a discussion here.
Hmm, can't get at that without a login, are there any other
Simon Kelley wrote:
Carlos Carvalho wrote:
Simon Kelley (si...@thekelleys.org.uk) wrote on 19 June 2008 19:53:
The result of this is that if dnsmasq is going to exit because of
capability problems, it can't return a non-zero exit code: starting
the daemon will appear to start fine, and