Removing the read bit from suid binaries has questionable security benefit, and may cause problems for some software.
Users may override FCAPS_CAPS_MODE and FCAPS_NOCAPS_MODE should they desire the old behavior. Bug: https://bugs.gentoo.org/938164 Signed-off-by: Mike Gilbert <flop...@gentoo.org> --- eclass/fcaps.eclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass index bf05776ba760..da4a52099396 100644 --- a/eclass/fcaps.eclass +++ b/eclass/fcaps.eclass @@ -70,13 +70,13 @@ esac # @USER_VARIABLE # @DESCRIPTION: # Mode to use when capabilities are supported. -: ${FCAPS_CAPS_MODE:=0711} +: ${FCAPS_CAPS_MODE:=0755} # @ECLASS_VARIABLE: FCAPS_NOCAPS_MODE # @USER_VARIABLE # @DESCRIPTION: # Mode to use when capabilities are not supported. -: ${FCAPS_NOCAPS_MODE:=4711} +: ${FCAPS_NOCAPS_MODE:=4755} # @FUNCTION: fcaps # @USAGE: [-o <owner>] [-g <group>] [-m <mode>] [-M <caps mode>] <capabilities> <file[s]> -- 2.47.0
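Review bot: The @DESCRIPTION text for FCAPS_CAPS_MODE and FCAPS_NOCAPS_MODE still says only "Mode to use when capabilities are supported" and "... are not supported", so after the defaults move to 0755 and 4755 nothing in the eclass documentation tells a user that setting 0711 and 4711 restores the previous non-readable behaviour. That guidance exists only in the commit message. Consider adding a sentence to each description that names the old value as the way to opt back in. Both variables are marked @USER_VARIABLE and assigned with `:=`, so a value already set in a user's configuration is kept, which is worth stating there too. The @USAGE line also lists -m and -M, and the commit message could say whether ebuilds that pass an explicit mode through those options are affected by the new defaults.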