Hello, This is probably not possible to fix -- it was a widely accepted criticism of the POSIX draft capabilities, and Linux implemented capabilities, that it is an impossible task to prevent individual capability grants from 'bleeding' over into privileges that correspond to other capabilities.
If you get any traction reporting this issue to upstreams please do report back, but please don't take it too hard if they're not interested in trying to build stronger separation between root's various capabilities. Thanks ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785687 Title: btrfs send can bypass DAC check with certain capability set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1785687/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
