Bug 1140993 - iputils/ping: Drop effective capability
Summary: iputils/ping: Drop effective capability
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-10 10:08 UTC by Petr Vorel
Modified: 2023-04-12 00:39 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Vorel 2019-07-10 10:08:50 UTC 
Upstream recommends using only permitted capability, effective
capability is not needed [1] (done in [2]).

[1] https://github.com/iputils/iputils/commit/368c345ff9a648ea28ece9725522f5363b869823
[2] https://github.com/iputils/iputils/commit/c81f2309b912a00d943afd887616c00a5984c283
Comment 1 Petr Vorel 2019-07-10 10:09:19 UTC 
PR solving this was prepared (fixing more than this bug):
https://github.com/openSUSE/permissions/pull/24
Comment 2 Matthias Gerstner 2019-07-10 10:19:57 UTC 
Since upstream says their utility is now capability aware I'm fine with
dropping the effective bit. Since is is only tighter security I'm fine with
the change and no further review should be required.
Comment 3 Matthias Gerstner 2019-07-10 13:32:56 UTC 
Just like bug 1140991 this change is on its way to Factory via sr#714433.
Closing as FIXED. Thanks!