Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#63248 - [shadow] Install newuidmap/newgidmap with fs caps instead of suid
Attached to Project:
Arch Linux
Opened by Jensen McKenzie (your_doomsday) - Sunday, 21 July 2019, 20:16 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 08 August 2019, 01:16 GMT
Opened by Jensen McKenzie (your_doomsday) - Sunday, 21 July 2019, 20:16 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 08 August 2019, 01:16 GMT
|
DetailsDescription:
Since 4.7 version upstream supports installing newuidmap/newgidmap with CAP_SETUID and CAP_SETGID (respectively) file system capability instead of full SUID binary ('--with-fcaps' config option). This is much recommended for better security. https://github.com/shadow-maint/shadow/commit/70971457b761cdd6cd507acfc935295b4f3f237f |
This task depends upon
Closed by Dave Reisner (falconindy)
Thursday, 08 August 2019, 01:16 GMT
Reason for closing: Fixed
Additional comments about closing: shadow 4.7-2
Thursday, 08 August 2019, 01:16 GMT
Reason for closing: Fixed
Additional comments about closing: shadow 4.7-2
Comment by Dave Reisner (falconindy) -
Thursday, 01 August 2019, 18:04 GMT
Unfortunately pacman doesn't support unpacking of xattrs in package tarballs, so this needs to be done via an install scriptlet. Pushing a -2 to testing with this change.