Douglas, thanks for your contrib 👍 The security issue was raised by couples of guys in the ML back in 2010 about this one. But actually I still think this might be more an "ICMP syndrom" now day. Say, ICMP had a security issue back in the day, that was fixed but that people used to quickfix by disabling ICMP on the network devices. Decades after everything is fixed, there will still be people arguing to disable ICMP for safety reason. They mostly don't even remember why, but only that it might have been a threat. Meanwhile, everyday lots of people are "enjoying" the ugly side-effect of such a mindset by bringing more boilerplate to workaround ICMP beeing disabled on some machine.
Florian, is there in 2020 any real security reason for not having relative path working with capabilities ? I mean in worst case, sanitization of input is a usual task nowadays to ensure value are safe before entering into a key process. For priviledged port bind, the NAT is abused as a workaround especialy within containers. For the same deamon servicing you can end up having multiple NAT at the various level of the containerization stack : completely a waste of CPU cycles. But a quickfix for such a conundrum. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/565002 Title: ldopen failing with relative path when linux capability is set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/565002/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
