On 07/26/2011 02:29 PM, Tom Horsley wrote:
> On Tue, 26 Jul 2011 14:05:59 +0100
> Bryn M. Reeves wrote:
> 
>> It's presumably having its capabilities dropped because you are ptracing
>> an executable with the cap_net_bind_service capability as an unprivileged user
>> (if it wasn't it would be a security hole as a regular user could use a debugger
>> to bind arbitrary privileged ports).
> 
> It is the rsh client program, why on earth would the rsh client need to bind
> a privileged port?

As others have said, that's how rsh "security" "works" - if you need to strace
the command as a non-root user you might be able to come up with something
involving dropping the file capability and granting cap_net_bind_service to the
user you need to strace as (obviously this grants that user the ability to bind
any port they like but for debugging you might choose to allow that).

Regards,
Bryn.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
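
Added example, not part of the original message or of any Fedora tooling: a file capability such as the one discussed in the thread is stored in the binary's `security.capability` extended attribute, and this Python sketch decodes that value to check whether the permitted set contains cap_net_bind_service. The function names and the two sample values are constructed for illustration; on a live system the bytes would come from `os.getxattr(path, "security.capability")`.

```python
import struct

CAP_NET_BIND_SERVICE = 10          # bit number from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> number of 32-bit (permitted, inheritable) pairs
_REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def parse_file_caps(xattr: bytes) -> dict:
    """Decode a security.capability xattr value (struct vfs_cap_data)."""
    if len(xattr) < 4:
        raise ValueError("xattr too short for vfs_cap_data header")
    (magic_etc,) = struct.unpack_from("<I", xattr, 0)
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in _REVISIONS:
        raise ValueError(f"unknown vfs_cap revision {revision:#x}")
    words = _REVISIONS[revision]
    # Revision 3 appends a 32-bit rootid for user-namespaced capabilities.
    expected = 4 + 8 * words + (4 if revision == 0x03000000 else 0)
    if len(xattr) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(xattr)}")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", xattr, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)}


def grants_privileged_bind(xattr: bytes) -> bool:
    """True if the file's permitted set contains cap_net_bind_service."""
    caps = parse_file_caps(xattr)
    return bool(caps["permitted"] >> CAP_NET_BIND_SERVICE & 1)


# Constructed sample: the value `setcap cap_net_bind_service+ep` stores.
SAMPLE_EP = struct.pack("<IIIII", 0x02000001, 1 << CAP_NET_BIND_SERVICE, 0, 0, 0)
# Constructed sample: same capability in the inheritable set only.
SAMPLE_I = struct.pack("<IIIII", 0x02000000, 0, 1 << CAP_NET_BIND_SERVICE, 0, 0)

if __name__ == "__main__":
    for name, blob in (("+ep", SAMPLE_EP), ("+i", SAMPLE_I)):
        print(name, parse_file_caps(blob), grants_privileged_bind(blob))
```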
