[lfs-fr] r1405 - in trunk/hlfs: . chapter01 chapter06

jmengual at linuxfromscratch.org jmengual at linuxfromscratch.org
Dim 21 Aou 01:59:58 PDT 2011


Author: jmengual
Date: 2011-08-21 10:59:58 +0200 (Sun, 21 Aug 2011)
New Revision: 1405

Modified:
   trunk/hlfs/chapter01/changelog.xml
   trunk/hlfs/chapter06/inetutils.xml
   trunk/hlfs/chapter06/shadow.xml
   trunk/hlfs/chapter06/util-linux-ng.xml
   trunk/hlfs/general.ent
Log:
Plusieurs modifications d'origine.


Modified: trunk/hlfs/chapter01/changelog.xml
===================================================================
--- trunk/hlfs/chapter01/changelog.xml	2011-08-20 10:41:35 UTC (rev 1404)
+++ trunk/hlfs/chapter01/changelog.xml	2011-08-21 08:59:58 UTC (rev 1405)
@@ -39,6 +39,19 @@
 -->
  
     <listitem>
+      <para>21-08-2011</para>
+      <itemizedlist>
+        <listitem>
+          <para>[robert] - Plus de verbosité (-v) avec setcap.</para>
+        </listitem>
+       <listitem>
+         <para>[robert] - On n'utilise plus les possibilités (capabilities) avec
+         Shadow et Util-linux-ng. Elles sont vulnérables à des race conditions.</para>
+       </listitem>
+      </itemizedlist>
+    </listitem>
+ 
+    <listitem>
       <para>20-08-2011</para>
       <itemizedlist>
         <listitem>

Modified: trunk/hlfs/chapter06/inetutils.xml
===================================================================
--- trunk/hlfs/chapter06/inetutils.xml	2011-08-20 10:41:35 UTC (rev 1404)
+++ trunk/hlfs/chapter06/inetutils.xml	2011-08-21 08:59:58 UTC (rev 1405)
@@ -130,8 +130,10 @@
 
     <para>Utilisez les possibilités Linux Capabilities plutôt que suid :</para>
 
-<screen><userinput remap="install">setcap cap_net_raw=ep /bin/ping
-setcap cap_net_raw=ep /bin/ping6</userinput></screen>
+<screen><userinput remap="install">chmod -v -s /bin/ping
+setcap -v cap_net_raw=ep /bin/ping
+chmod -v -s /bin/ping6
+setcap -v cap_net_raw=ep /bin/ping6</userinput></screen>
 
   </sect2>
 
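Review bot: In libcap's setcap, `-v` is documented as "verify", not "verbose", so the added `setcap -v cap_net_raw=ep /bin/ping` only compares the file's current capabilities with the given set and does not write them. Coming right after the new `chmod -v -s /bin/ping`, this would leave ping and ping6 with neither the setuid bit nor cap_net_raw, and unprivileged users could no longer open the raw socket. I would keep the set step without the flag, `setcap cap_net_raw=ep /bin/ping`, and if visible feedback is wanted follow it with `getcap /bin/ping /bin/ping6`. The same `-v` was added to every setcap line in the shadow.xml and util-linux-ng.xml hunks; those blocks are commented out by this commit, but the flag should be dropped there too before they are re-enabled. The enclosing sect2 starts above this hunk.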

Modified: trunk/hlfs/chapter06/shadow.xml
===================================================================
--- trunk/hlfs/chapter06/shadow.xml	2011-08-20 10:41:35 UTC (rev 1404)
+++ trunk/hlfs/chapter06/shadow.xml	2011-08-21 08:59:58 UTC (rev 1405)
@@ -104,24 +104,26 @@
 
 <screen><userinput remap="install">mv -v /usr/bin/passwd /bin</userinput></screen>
 
+<!--
     <para>Utilisez les possibilités Linux Capabilities plutôt que suid :</para>
     
 <screen><userinput remap="install">chmod -v -s /usr/bin/chage
-setcap CAP_DAC_READ_SEARCH=ep /usr/bin/chage
+setcap -v CAP_DAC_READ_SEARCH=ep /usr/bin/chage
 chmod -v -s /usr/bin/chsh
-setcap CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
+setcap -v CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
 chmod -v -s /usr/bin/newgrp
-setcap CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
+setcap -v CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
 chmod -v -s /usr/bin/chfn
-setcap CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
+setcap -v CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
 chmod -v -s /usr/bin/gpasswd
-setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
+setcap -v CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
 chmod -v -s /usr/bin/expiry
-setcap CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
+setcap -v CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
 chmod -v -s /bin/su
-setcap CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
+setcap -v CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
 chmod -v -s /bin/passwd    
-setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
+setcap -v CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
+-->
 
     <!-- <para>Déplacez les bibliothèques de Shadow dans des emplacements
     plus appropriés :</para>
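Review bot: The `<!--` added above the capabilities paragraph disables the whole block without saying why; the rationale exists only in the changelog entry. Because the `chmod -v -s` lines are commented out together with the setcap lines, the Shadow programs keep whatever setuid bits the install step gave them, which is presumably the intended fallback but is not stated anywhere in the chapter. I would put a one-line explanation as the first line inside the comment, for example `Disabled 2011-08-21: file capabilities on these programs were found prone to race conditions; the binaries stay setuid root until this is resolved.` The util-linux-ng.xml hunk wraps the mount/umount block the same way and needs the same line. The enclosing section starts and ends outside this hunk.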

Modified: trunk/hlfs/chapter06/util-linux-ng.xml
===================================================================
--- trunk/hlfs/chapter06/util-linux-ng.xml	2011-08-20 10:41:35 UTC (rev 1404)
+++ trunk/hlfs/chapter06/util-linux-ng.xml	2011-08-21 08:59:58 UTC (rev 1405)
@@ -97,15 +97,16 @@
 
 <screen><userinput>make install</userinput></screen>
 
+<!--
     <para>Utilisez les possibilités Linux Capabilities plutôt que suid (FIXME: 
     wall and write are suid too) :</para>
 
 <screen><userinput remap="install">chmod -v -s /bin/mount
-setcap CAP_SYS_ADMIN=ep /bin/mount
+setcap -v CAP_SYS_ADMIN=ep /bin/mount
 chmod -v -s /bin/umount
-setcap CAP_SYS_ADMIN=ep /bin/umount
+setcap -v CAP_SYS_ADMIN=ep /bin/umount
 </userinput></screen>
-
+-->
   </sect2>
 
   <sect2 id="contents-utillinux" role="content">

Modified: trunk/hlfs/general.ent
===================================================================
--- trunk/hlfs/general.ent	2011-08-20 10:41:35 UTC (rev 1404)
+++ trunk/hlfs/general.ent	2011-08-21 08:59:58 UTC (rev 1405)
@@ -1,5 +1,5 @@
-<!ENTITY version "SVN-20110820">
-<!ENTITY releasedate "20 août 2011">
+<!ENTITY version "SVN-20110821">
+<!ENTITY releasedate "21 août 2011">
 <!ENTITY copyrightdate "1999-2011"><!-- jhalfs needs a literal dash, not – -->
 <!ENTITY milestone "1.0">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->



