| Summary: | x11-misc/slock could use capabilities instead of SUID root | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Mira Ressel <aranea> |
| Component: | Current packages | Assignee: | Jeroen Roovers (RETIRED) <jer> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | CC: | desktop-misc |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | | Runtime testing required: | --- |
| Attachments: | Patch for x11-misc/slock-1.1.ebuild introducing capability usage | ||
Thanks for the patch. Committed in -r1.
Created attachment 361270
Patch for x11-misc/slock-1.1.ebuild introducing capability usage

x11-misc/slock currently installs a SUID root binary in order to be able to read /etc/shadow. For that, granting CAP_DAC_READ_SEARCH would also suffice.

The attached patch does that, using fcaps.eclass: If the new USE "filecaps" is disabled, nothing changes. If it's enabled however, only the capability is granted.
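A post-install check for the change requested in this report, added here as an example and not taken from the attached patch or the ebuild: it reports whether a binary still carries the setuid bit and which file capabilities it has. The function names `priv_mode` and `getcap_caps` are hypothetical, `getcap` from libcap is assumed to be installed, and the path you pass (for example the installed slock binary) is your own.

```shell
#!/bin/sh
# Added example: show how a binary obtains privilege (setuid bit vs. file capabilities).

# Strip the leading file name from one line of getcap output.
# Accepts both "FILE = caps+ep" (older libcap) and "FILE caps=ep" (newer libcap).
getcap_caps() {   # $1 = getcap output line, $2 = file name as passed to getcap
    c=${1#"$2"}
    c=${c# }
    c=${c#= }
    printf '%s\n' "$c"
}

# Print "suid=<root|uidN|no> caps=<capability text|none|unknown>" for one file.
priv_mode() {     # $1 = file to inspect
    f=$1
    case $f in /*|./*) ;; *) f=./$f ;; esac      # keep odd names from looking like options
    [ -e "$f" ] || { echo "missing"; return 1; }
    if [ -u "$f" ]; then
        uid=$(ls -ldn "$f" | awk '{print $3}')   # numeric owner; setuid runs as this uid
        if [ "$uid" = 0 ]; then suid=root; else suid=uid$uid; fi
    else
        suid=no
    fi
    if command -v getcap >/dev/null 2>&1; then
        line=$(getcap "$f" 2>/dev/null) || line=
        if [ -n "$line" ]; then caps=$(getcap_caps "$line" "$f"); else caps=none; fi
    else
        caps=unknown                             # getcap not in PATH: cannot tell
    fi
    echo "suid=$suid caps=$caps"
}

# Usage: sh this-script /path/to/binary
if [ $# -gt 0 ]; then priv_mode "$1"; fi
```

With the `filecaps` behaviour described above, the expected result for the lock binary is `suid=no` together with a `caps=` value naming only `cap_dac_read_search`; `suid=root` means the binary is still installed setuid.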