• [gentoo-dev] [PATCH 2/2] fcaps.eclass: make binaries readable by defaul

    From Mike Gilbert@21:1/5 to All on Sun Nov 10 23:00:01 2024
    Removing the read bit from suid binaries has questionable security
    benefit, and may cause problems for some software.

    Users may override FCAPS_CAPS_MODE and FCAPS_NOCAPS_MODE should they
    desire the old behavior.

    Bug: https://bugs.gentoo.org/938164
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    ---
    eclass/fcaps.eclass | 4 ++--
    1 file changed, 2 insertions(+), 2 deletions(-)

    diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass
    index bf05776ba760..da4a52099396 100644
    --- a/eclass/fcaps.eclass
    +++ b/eclass/fcaps.eclass
    @@ -70,13 +70,13 @@ esac
    # @USER_VARIABLE
    # @DESCRIPTION:
    # Mode to use when capabilities are supported.
    -: ${FCAPS_CAPS_MODE:=0711}
    +: ${FCAPS_CAPS_MODE:=0755}

    # @ECLASS_VARIABLE: FCAPS_NOCAPS_MODE
    # @USER_VARIABLE
    # @DESCRIPTION:
    # Mode to use when capabilities are not supported.
    -: ${FCAPS_NOCAPS_MODE:=4711}
    +: ${FCAPS_NOCAPS_MODE:=4755}

    # @FUNCTION: fcaps
    # @USAGE: [-o <owner>] [-g <group>] [-m <mode>] [-M <caps mode>] <capabilities> <file[s]>
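
Review bot: The @DESCRIPTION text for FCAPS_CAPS_MODE and FCAPS_NOCAPS_MODE is left as "Mode to use when capabilities are supported" and "Mode to use when capabilities are not supported". After this change nothing in the eclass documentation tells a user that the defaults are now world-readable, or which values restore the previous behaviour. Since the commit message points users at these two variables as the override, consider extending both descriptions to state the default and mention the old values (0711 and 4711). Because `: ${VAR:=...}` assigns only when the variable is unset or empty, existing user overrides are preserved and only users relying on the defaults see the mode change; that is worth stating in the description as well.
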
    --
    2.47.0
