| Main Archive Page > Month Archives > linux-security-module archives |
[PATCH] Modify 'old libcap' warning message
From: Andrew Morgan <morgan_at_nospam>Date: Thu Nov 22 2007 - 06:05:47 GMT
To: Kevin Winchester <kjwinchester@gmail.com>, Andrew Morton <akpm@linux-foundation.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew,
Yes, as Kevin suggests 'old' meant 1.x, which is pretty much the only version of libcap in wide distribution.
Libcap is available here:
http://www.kernel.org/pub/linux/libs/security/linux-privs/
Attached is a modification of the problematic kernel message - I had no idea these messages would generate so much consternation. I've rewritten it, but I'm not altogether clear what level of detail is permitted/desirable. Is this ok?
Cheers
Andrew
>>>> My venerable FC1 machine says
>>>>
>>>> warning: process `zsh' gets w/ old libcap
>>>> warning: process `zsh' gets w/ old libcap
>>>> warning: process `zsh' gets w/ old libcap
>>>>
>>>> should I be scared?
>>> It should be safe as of Andrew's latest patch. (Before that patch it
>>> was only unsafe because root's capabilities are just set to {~0,~0} so
>>> they include invalid capabilities.
>>>
>>> Agreed a better error message would be good.
>> yup
>>
>>> Would it be inappropriate
>>> to include the URL for new libcap versions?
>> I doubt it, really. Anyone who's running anything as old as FC1 won't be
>> upgrading (and probably couldn't find a package to upgrade to).
>>
>> Or does "old libcap" here refer to all the versions whcih are deployed
>> today? If so then we should jsut kill the message. ot at least make it a
>> once-per-boot thing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFHRRw3QheEq9QabfIRAm53AJ4kq+tZl1qx4pnDQpUB7I7QhHeYmQCeJfbu
WDayoZLfYsBrYhUilb9eEiQ=
=pwEc
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html