linux-security-module November 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: [PATCH] Modify 'old libcap' warning messa

[PATCH] Modify 'old libcap' warning message

From: Andrew Morgan <morgan_at_nospam>
Date: Thu Nov 22 2007 - 06:05:47 GMT
To: Kevin Winchester <kjwinchester@gmail.com>, Andrew Morton <akpm@linux-foundation.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew,

Yes, as Kevin suggests 'old' meant 1.x, which is pretty much the only version of libcap in wide distribution.

Libcap is available here:

  http://www.kernel.org/pub/linux/libs/security/linux-privs/

Attached is a modification of the problematic kernel message - I had no idea these messages would generate so much consternation. I've rewritten it, but I'm not altogether clear what level of detail is permitted/desirable. Is this ok?

Cheers

Andrew

>>>> My venerable FC1 machine says
>>>>
>>>> warning: process `zsh' gets w/ old libcap
>>>> warning: process `zsh' gets w/ old libcap
>>>> warning: process `zsh' gets w/ old libcap
>>>>
>>>> should I be scared?
>>> It should be safe as of Andrew's latest patch. (Before that patch it
>>> was only unsafe because root's capabilities are just set to {~0,~0} so
>>> they include invalid capabilities.
>>>
>>> Agreed a better error message would be good.
>> yup
>>
>>> Would it be inappropriate
>>> to include the URL for new libcap versions?
>> I doubt it, really. Anyone who's running anything as old as FC1 won't be
>> upgrading (and probably couldn't find a package to upgrade to).
>>
>> Or does "old libcap" here refer to all the versions whcih are deployed
>> today? If so then we should jsut kill the message. ot at least make it a
>> once-per-boot thing.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFHRRw3QheEq9QabfIRAm53AJ4kq+tZl1qx4pnDQpUB7I7QhHeYmQCeJfbu WDayoZLfYsBrYhUilb9eEiQ=
=pwEc
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html