[lfs-fr] r1397 - in trunk/hlfs: . chapter01 chapter06

jmengual at linuxfromscratch.org jmengual at linuxfromscratch.org
Jeu 11 Aou 18:07:16 PDT 2011


Author: jmengual
Date: 2011-08-12 03:07:15 +0200 (Fri, 12 Aug 2011)
New Revision: 1397

Modified:
   trunk/hlfs/chapter01/changelog.xml
   trunk/hlfs/chapter06/inetutils.xml
   trunk/hlfs/chapter06/shadow.xml
   trunk/hlfs/chapter06/util-linux-ng.xml
   trunk/hlfs/general.ent
   trunk/hlfs/packages.ent
   trunk/hlfs/patches.ent
Log:
Mise a jour.


Modified: trunk/hlfs/chapter01/changelog.xml
===================================================================
--- trunk/hlfs/chapter01/changelog.xml	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/chapter01/changelog.xml	2011-08-12 01:07:15 UTC (rev 1397)
@@ -38,6 +38,26 @@
 
 -->
     <listitem>
+      <para>11-08-2011</para>
+      <itemizedlist>
+        <listitem>
+          <para>[robert] - Utilisation de Linux Caps pour monter et démonter.</para>
+        </listitem>
+       <listitem>
+         <para>[robert] - Utilisation des possibilités Linux Caps fpour ping et 
+         ping6.</para>
+       </listitem>
+        <listitem>
+         <para>[robert] - Utilisation des possibilités Linux Caps fpour les 
+         outils de Shadow.</para>
+        </listitem>
+        <listitem>
+          <para>[robert] - Nouveau correctif Grsecurity et nouveau noyau.</para>
+        </listitem>
+     </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>02-08-2011</para>
       <itemizedlist>
         <listitem>

Modified: trunk/hlfs/chapter06/inetutils.xml
===================================================================
--- trunk/hlfs/chapter06/inetutils.xml	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/chapter06/inetutils.xml	2011-08-12 01:07:15 UTC (rev 1397)
@@ -112,8 +112,8 @@
     <para>Ce paquet n'est pas fourni avec une suite de tests.</para>
 
     <para>Installez le paquet :</para>
-    
-<screen><userinput remap="install">make SUIDMODE="-o root -m 4755" install</userinput></screen>
+   
+<screen><userinput remap="install">make SUIDMODE="-o root -m 755" install</userinput></screen>
 
 <screen><userinput remap="install">make install</userinput></screen>
 
@@ -128,6 +128,11 @@
 <screen><userinput remap="install">mv -v /usr/bin/{hostname,ping,ping6} /bin
 mv -v /usr/bin/traceroute /sbin</userinput></screen>
 
+    <para>Utilisez les possibilités Linux Capabilities plutôt que suid :</para>
+
+<screen><userinput remap="install">setcap cap_net_raw=ep /bin/ping
+setcap cap_net_raw=ep /bin/ping6</userinput></screen>
+
   </sect2>
 
   <sect2 id="contents-inetutils" role="content">

Modified: trunk/hlfs/chapter06/shadow.xml
===================================================================
--- trunk/hlfs/chapter06/shadow.xml	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/chapter06/shadow.xml	2011-08-12 01:07:15 UTC (rev 1397)
@@ -104,6 +104,25 @@
 
 <screen><userinput remap="install">mv -v /usr/bin/passwd /bin</userinput></screen>
 
+    <para>Utilisez les possibilités Linux Capabilities plutôt que suid :</para>
+    
+<screen><userinput remap="install">chmod -v -s /usr/bin/chage
+setcap CAP_DAC_READ_SEARCH=ep /usr/bin/chage
+chmod -v -s /usr/bin/chsh
+setcap CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
+chmod -v -s /usr/bin/newgrp
+setcap CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
+chmod -v -s /usr/bin/chfn
+setcap CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
+chmod -v -s /usr/bin/gpasswd
+setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
+chmod -v -s /usr/bin/expiry
+setcap CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
+chmod -v -s /bin/su
+setcap CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
+chmod -v -s /bin/passwd    
+setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
+
     <!-- <para>Déplacez les bibliothèques de Shadow dans des emplacements
     plus appropriés :</para>
 

Modified: trunk/hlfs/chapter06/util-linux-ng.xml
===================================================================
--- trunk/hlfs/chapter06/util-linux-ng.xml	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/chapter06/util-linux-ng.xml	2011-08-12 01:07:15 UTC (rev 1397)
@@ -97,6 +97,15 @@
 
 <screen><userinput>make install</userinput></screen>
 
+    <para>Utilisez les possibilités Linux Capabilities plutôt que suid (FIXME: 
+    wall and write are suid too) :</para>
+
+<screen><userinput remap="install">chmod -v -s /bin/mount
+setcap CAP_SYS_ADMIN=ep /bin/mount
+chmod -v -s /bin/umount
+setcap CAP_SYS_ADMIN=ep /bin/umount
+</userinput></screen>
+
   </sect2>
 
   <sect2 id="contents-utillinux" role="content">

Modified: trunk/hlfs/general.ent
===================================================================
--- trunk/hlfs/general.ent	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/general.ent	2011-08-12 01:07:15 UTC (rev 1397)
@@ -1,5 +1,5 @@
-<!ENTITY version "SVN-20110802">
-<!ENTITY releasedate "2 août 2011">
+<!ENTITY version "SVN-20110811">
+<!ENTITY releasedate "11 août 2011">
 <!ENTITY copyrightdate "1999-2011"><!-- jhalfs needs a literal dash, not – -->
 <!ENTITY milestone "1.0">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->

Modified: trunk/hlfs/packages.ent
===================================================================
--- trunk/hlfs/packages.ent	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/packages.ent	2011-08-12 01:07:15 UTC (rev 1397)
@@ -332,12 +332,12 @@
 
 <!ENTITY linux-major-version "2.6">
 <!ENTITY linux-minor-version "32">
-<!ENTITY linux-patch-version "43">
+<!ENTITY linux-patch-version "44">
 <!ENTITY linux-version "&linux-major-version;.&linux-minor-version;.&linux-patch-version;">
 <!--<!ENTITY linux-version "&linux-major-version;.&linux-minor-version;">-->
 <!ENTITY linux-size "62,952 Kio">
 <!ENTITY linux-url "&kernel;linux/kernel/v&linux-major-version;/longterm/v&linux-major-version;.&linux-minor-version;/linux-&linux-version;.tar.bz2">
-<!ENTITY linux-md5 "d6819da012da0d9772ac79da9dce3d63">
+<!ENTITY linux-md5 "u38d43bb91fff88783f57ada146415029">
 <!ENTITY linux-home "http://www.kernel.org/">
 <!ENTITY linux-ch8-du "450 - 500 Mio">
 <!ENTITY linux-ch8-sbu "1.5 - 5.0 SBU">

Modified: trunk/hlfs/patches.ent
===================================================================
--- trunk/hlfs/patches.ent	2011-08-10 00:54:46 UTC (rev 1396)
+++ trunk/hlfs/patches.ent	2011-08-12 01:07:15 UTC (rev 1397)
@@ -64,9 +64,9 @@
 <!ENTITY glibc-gcc_fix-patch-md5 "d1f28cb98acb9417fe52596908bbb9fd">
 <!ENTITY glibc-gcc_fix-patch-size "2.5 Kio">
 
-<!ENTITY grsecurity-patch "grsecurity-2.2.2-2.6.32.43-201107191826.patch">
-<!ENTITY grsecurity-patch-md5 "74a20f74fa72a3a2f7e4d8e14d991c1f">
-<!ENTITY grsecurity-patch-size "2.4 Mio">
+<!ENTITY grsecurity-patch "grsecurity-2.2.2-2.6.32.44-201108091835.patch">
+<!ENTITY grsecurity-patch-md5 "efcba6dc0505179c09fd697c62aa9582">
+<!ENTITY grsecurity-patch-size "2.6 Mio">
 
 <!ENTITY grub-inode-patch "grub-&grub-version;-256byte_inode-1.patch">
 <!ENTITY grub-inode-patch-md5 "2482bef9c1866b4045767a56268ba673">




More information about the lfs-traducfr mailing list