Hi all- Yesterday, I discovered SD_BUS_VTABLE_CAPABILITY. Are there any examples in which it does anything? If so, I don't suppose any of you could give me an example of:
$ cp `which dbus-send` . $ sudo setcap all=eip dbus-send $ dbus-send [not sure what goes here] that passes an authentication test that would have failed without the setcap? In the interest of full disclosure, I'm asking because I think that one of two things is true: 1. The SD_BUS_VTABLE_CAPABILITY code is useless and should therefore be deleted. 2. The SD_BUS_VTABLE_CAPABILITY code is exploitably buggy and should therefore be deleted. I can't tell which one, since I haven't figured out how to test it realistically in the first place. Most of the protected calls seem to be heavily restricted by dbus policy. --Andy _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
