path: root/doc/guix.texi
author: Rutherther <rutherther@ditigal.xyz> 2024-10-11 21:49:10 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2024-11-03 22:54:00 +0100
commit: e5d64e87d4759d62c035dad203e9975de3b621a6
tree: 23ff18879a0ad7293f59c4bec2e5d6864adc0cf1 /doc/guix.texi
parent: e7a445571d0e45be96894bc6b298b67ceb2f3989
system: %default-privileged-programs: Set ping capabilities
Ping and ping6 don't need setuid, they can work with cap_net_raw capability only. This means that even if ping or ping6 had a vulnerability that could be used for execution as root, it can't anymore if the program is not setuid.

* gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid programs, add ping, ping6 programs with cap_net_raw=ep capabilities

Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc/guix.texi')
0 files changed, 0 insertions, 0 deletions
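
A check for the property the commit message describes, as an added example that is not part of the Guix commit: it decodes a file's `security.capability` extended attribute and reports anything other than `cap_net_raw=ep` with no setuid/setgid bit. The function names and the sample xattr are constructed for illustration; the layout constants follow the kernel's `vfs_cap_data` in `linux/capability.h`.

```python
import os
import stat
import struct

CAP_NET_RAW = 13  # bit index from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# vfs_cap_data revision -> number of 32-bit (permitted, inheritable) pairs
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Constructed sample: revision 2, effective flag set, permitted = CAP_NET_RAW only.
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)


def decode_file_caps(xattr):
    """Return (permitted, inheritable, effective) from a security.capability xattr."""
    if len(xattr) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", xattr, 0)
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(xattr) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated capability xattr")
    permitted = inheritable = 0
    for i in range(pairs):  # low 32 bits first, then high 32 bits
        p, inh = struct.unpack_from("<II", xattr, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    # Revision 3 appends a namespace root id after the pairs; not needed here.
    return permitted, inheritable, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def audit(mode, xattr):
    """List deviations from 'cap_net_raw=ep, not setuid/setgid'; empty means OK."""
    findings = []
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid bit set")
    if xattr is None:
        return findings + ["no file capabilities"]
    permitted, inheritable, effective = decode_file_caps(xattr)
    if permitted != 1 << CAP_NET_RAW:
        findings.append(f"permitted set is {permitted:#x}, expected only CAP_NET_RAW")
    if inheritable:
        findings.append(f"inheritable set is {inheritable:#x}, expected empty")
    if not effective:
        findings.append("effective flag not set")
    return findings


def audit_path(path):
    """Audit a binary on a Linux host (os.getxattr is Linux-only)."""
    try:
        xattr = os.getxattr(path, "security.capability")
    except OSError:  # attribute absent or unsupported on this filesystem
        xattr = None
    return audit(os.stat(path).st_mode, xattr)
```
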