Bug 1140993

Summary: iputils/ping: Drop effective capability
Product: [openSUSE] openSUSE Tumbleweed Reporter: Petr Vorel <petr.vorel>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: matthias.gerstner
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1194156
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Petr Vorel 2019-07-10 10:08:50 UTC 
Upstream recommends using only permitted capability, effective
capability is not needed [1] (done in [2]).

[1] https://github.com/iputils/iputils/commit/368c345ff9a648ea28ece9725522f5363b869823
[2] https://github.com/iputils/iputils/commit/c81f2309b912a00d943afd887616c00a5984c283
Comment 1 Petr Vorel 2019-07-10 10:09:19 UTC 
PR solving this was prepared (fixing more than this bug):
https://github.com/openSUSE/permissions/pull/24
Comment 2 Matthias Gerstner 2019-07-10 10:19:57 UTC 
Since upstream says their utility is now capability aware I'm fine with
dropping the effective bit. Since is is only tighter security I'm fine with
the change and no further review should be required.
Comment 3 Matthias Gerstner 2019-07-10 13:32:56 UTC 
Just like bug 1140991 this change is on its way to Factory via sr#714433.
Closing as FIXED. Thanks!