488530 – x11-misc/slock could use capabilities instead of SUID root

Bug 488530 - x11-misc/slock could use capabilities instead of SUID root

Summary: x11-misc/slock could use capabilities instead of SUID root

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement (vote)
Assignee:	Jeroen Roovers (RETIRED)

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2013-10-18 21:49 UTC by Mira Ressel
Modified:	2013-10-19 15:27 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch for x11-misc/slock-1.1.ebuild introducing capability usage (patch,694 bytes, patch) 2013-10-18 21:49 UTC, Mira Ressel	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mira Ressel 2013-10-18 21:49:05 UTC

Created attachment 361270 [details, diff]
Patch for x11-misc/slock-1.1.ebuild introducing capability usage

x11-misc/slock currently installs a SUID root binary in order to be able to read /etc/shadow. For that, granting CAP_DAC_READ_SEARCH would also suffice. The attached patch does that, using fcaps.eclass: If the new USE "filecaps" is disabled, nothing changes. If it's enabled however, only the capability is granted.

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2013-10-19 15:27:26 UTC

Thanks for the patch. Committed in -r1.