"JN" == Joe Nall joe@nall.com writes:
JN> On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote:
More to the point, I can easily see the setuid bit easily on a binary. How do I tell if these strange/hidden "capabilities" are present on a binary? 'ls' doesn't mention anything.
JN> getcap
Interesting. That's in the libcap package, which is sort of oddly named because it includes executables. And of course it's multilib, but the binaries are arch-specific which I believe is a multilib conflict. Probably needs the executables split out into a libcap-tools packages.
I notice that rpm supports that %caps() directive in the %files list to specify capabilities. I don't recall seeing that before; how long ago did rpm grow support for it? It looks like it came in around rpm 4.7, so all supported Fedora releases have it. However, I'm certain it's not in RHEL4 and I'm pretty sure it's not in RHEL5 either, so at least the EPEL folks will need to make a note of it.
- J<