Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#18852 - [namcap] Detect setuid/setgid files
Attached to Project:
Arch Linux
Opened by Linas (Linas) - Saturday, 27 March 2010, 00:35 GMT
Last edited by Rémy Oudompheng (remyoudompheng) - Friday, 25 February 2011, 21:30 GMT
Opened by Linas (Linas) - Saturday, 27 March 2010, 00:35 GMT
Last edited by Rémy Oudompheng (remyoudompheng) - Friday, 25 February 2011, 21:30 GMT
|
Detailsnamcap should have a rule to give an error when a package contains a
setuid/setgid file. So for instance namcap /var/cache/pacman/pkg/util-linux-ng-*.pkg.tar.* should complain that bin/{,u}mount are setuid and bin/write setgid. |
This task depends upon
Closed by Rémy Oudompheng (remyoudompheng)
Friday, 25 February 2011, 21:30 GMT
Reason for closing: Implemented
Additional comments about closing: Implemented for version 3.0
Friday, 25 February 2011, 21:30 GMT
Reason for closing: Implemented
Additional comments about closing: Implemented for version 3.0
When I build a package and I get asked "do you want to verify it with namcap?". It should warn about it, just as it warns "these folder permissions don't look ok" even though it is obviously not its work to verify the package security or anything like that.