What are useful resources to read about re: gotchas with CapAmb/CapInh when setuid binaries are possible (can't set NO_NEW_PRIVS)?
as http://man7.org/linux/man-pages/man7/capabilities.7.html … says, running setuid/setcap binaries clears any ambient caps
so that should mean that there are no gotchas security-wise, although it might be an issue functionality-wise
The binaries are not setuid, but rather have SELinux rules to change domains on exec. Ping me internally <3