| Summary: | net-analyzer/nmap does not show filecaps message for existing users | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Rick Farina (Zero_Chaos) <zerochaos> |
| Component: | Current packages | Assignee: | Gentoo Netmon project <netmon> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Rick Farina (Zero_Chaos)
2015-05-13 14:29:26 UTC
I'll consider that when I'm done checking whether you opened a security hole. Right now it looks like any user can do privileged stuff with --privileged set. We may end up reverting your work instead of fine-tuning when messages are sent out. I have removed the security hole you introduced. If you have any further ideas on security related features on netmon packages, then I expect you to show patches, not commits. (In reply to Jeroen Roovers from comment #2) > I have removed the security hole you introduced. If you have any further > ideas on security related features on netmon packages, then I expect you to > show patches, not commits. Please note, I intentionally didn't put the work into a keyworded version of nmap due to this concern. An amount of discretion we don't seem to share. https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/nmap/nmap-6.47-r3.ebuild?revision=1.1&view=markup Perhaps we both could be more careful next time. (In reply to Rick Farina (Zero_Chaos) from comment #3) > Perhaps we both could be more careful next time. No, it's just you. |