Linux Today: Linux News On Internet Time.

Features/RemoveSETUID (Fedora 14)

Oct 29, 2010, 12:33 (1 Talkback[s])
(Other stories by Kevin Fenzi)

"File Capabilties have been present in the Operating System for a few releases now, it is time that we remove setuid applications and just assign the capapilities required by an application. This should make the applications and the Operating System more secure.


* Name: Daniel Walsh 

    * Email:  

Current status

    * Targeted release: Fedora 15
    * Last updated: 2010-10-26
    * Percentage of completion: 20%
    * Tracker Bug https://bugzilla.redhat.com/show_bug.cgi?id=646440 added 

"Detailed Description

"We need to change the spec files of most applications that include a setuid application to remove the setuid flag and change to file capabilities.

"Package maintainers after making this change have to verify that their applications still work without the setuid app. In some cases this might not be possible."

Complete Story

Related Stories: