CAP_SYS_PTRACE is extremely powerful, and seems to only be used for
debugging (reporting which executable was made RT). I would prefer that
CAP_SYS_PTRACE was not included in the capabilities for this daemon. I
do like that is chroots itself, though.
Additionally, I would prefer that it drop privileges earlier -- it opens
syslog, dbus, etc before dropping privs. Can priv-dropping be moved
earlier?
** Changed in: rtkit (Ubuntu)
Status: New => Incomplete
--
[MIR] rtkit
https://bugs.launchpad.net/bugs/396396
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
