From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject:
 Re: Question regarding file capabilities being shipped in Core Updates
Date: Wed, 07 Jul 2021 21:51:14 +0200
Message-ID: <d529211e-9d26-8b63-82b4-8d5449eb52bc@ipfire.org>
In-Reply-To: <3ada475f-2260-9e65-b044-b9034b72d4ba@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6957532496738628489=="
List-Id: <development.lists.ipfire.org>

--===============6957532496738628489==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Peter,

In the CHANGES file in the source tarball setcap is mentioned twice:-

=3D=3D=3D=3D=3D s20200821 =3D=3D=3D=3D=3D
released August 21, 2020

* arping
- [security] disable setcap and setuid (prevent ARP Poisoning, issue: #203)

* Meson build system
- Allow to set using setcap-setuid.sh per application (commit: 054670a)

The setcap-setuid.sh script is in the build-aux directory in the source tarba=
ll. Maybe this script is what needs to be used now.

Hope this helps.

Regards,

Adolf.

On 07/07/2021 20:26, Peter M=C3=BCller wrote:
> Hello *,
>
> while working on bug #12652, I noticed we _did_ ship ping / iputils in Core=
 Update 157. However,
> it seems as the capabilities set to /usr/bin/ping are not preserved that wa=
y.
>
> Am I mistaken? Can we even use file capabilities in this environment?
>
> Thanks, and best regards,
> Peter M=C3=BCller

--===============6957532496738628489==--