Removing the read bit from suid binaries has questionable security
benefit, and may cause problems for some software.
Users may override FCAPS_CAPS_MODE and FCAPS_NOCAPS_MODE should they
desire the old behavior.
Bug:
https://bugs.gentoo.org/938164
Signed-off-by: Mike Gilbert <
floppym@gentoo.org>
---
eclass/fcaps.eclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass
index bf05776ba760..da4a52099396 100644
--- a/eclass/fcaps.eclass
+++ b/eclass/fcaps.eclass
@@ -70,13 +70,13 @@ esac
# @USER_VARIABLE
# @DESCRIPTION:
# Mode to use when capabilities are supported.
-: ${FCAPS_CAPS_MODE:=0711}
+: ${FCAPS_CAPS_MODE:=0755}
# @ECLASS_VARIABLE: FCAPS_NOCAPS_MODE
# @USER_VARIABLE
# @DESCRIPTION:
# Mode to use when capabilities are not supported.
-: ${FCAPS_NOCAPS_MODE:=4711}
+: ${FCAPS_NOCAPS_MODE:=4755}
# @FUNCTION: fcaps
# @USAGE: [-o <owner>] [-g <group>] [-m <mode>] [-M <caps mode>] <capabilities> <file[s]>
--
2.47.0
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)