Wanted: small C program to drop all capabilities but cap_sys_ptrace
shachar at shemesh.biz
Wed Sep 29 10:39:43 CDT 2010
On 29/09/10 16:53, Scott Ritchie wrote:
> Unfortunately the default behavior can only be set globally, so that
> leaves me with:
> 1) make installing the package cause the global change
> 2) the above idea
> 3) do nothing
> I'm not sure which is worse, although I know doing nothing breaks a lot
> of apps. The long term solutions are described at the bug however.
> It would be rather nice if there were a cap_sys_ptrace that were at
> least restricted to other processes owned by that user...
What do other packages that depend on ptrace do? In particular, what
does strace do?
I'd ask about fakeroot-ng, but it's in universe, and I'm the "upstream"
maintainer (read - Debian), so I'm fairly sure that's just broken, but
do have a look at that too.
Lingnu Open Source Consulting Ltd.
More information about the wine-devel