python3.2+ compiled files
Tomasz Pala
gotar at polanet.pl
Sat Apr 9 21:50:18 CEST 2011
On Sat, Apr 09, 2011 at 15:34:55 -0400, Jeff Johnson wrote:
>>> There's no known reason why xattr's can't be done in other ways.
>>
>> Like what?
>
> Like not having RPM attach xattr's.
Please tell me how to do root-free (capabilities-based) system without
xattrs in rpm - doing this outside upgrade procedure leaves window for
making system unusable in cases like power failure.
Now we're using some dumb solutions like 'admin' group for SUID ICMP ping
instead attaching proper file capabilities. In long term we should
remove ALL SUID binaries from distribution, as this approach is broken
by design and should be obsoleted 10 years ago.
--
Tomasz Pala <gotar at pld-linux.org>
More information about the pld-devel-en
mailing list