Subversion Repositories svn LFS-FR

Compare Revisions

Ignore whitespace Rev 1404 → Rev 1405

/trunk/hlfs/chapter01/changelog.xml
39,6 → 39,19
-->
<listitem>
<para>21-08-2011</para>
<itemizedlist>
<listitem>
<para>[robert] - Plus de verbosité (-v) avec setcap.</para>
</listitem>
<listitem>
<para>[robert] - On n'utilise plus les possibilités (capabilities) avec
Shadow et Util-linux-ng. Elles sont vulnérables à des race conditions.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>20-08-2011</para>
<itemizedlist>
<listitem>
/trunk/hlfs/chapter06/inetutils.xml
130,8 → 130,10
 
<para>Utilisez les possibilités Linux Capabilities plutôt que suid&nbsp;:</para>
 
<screen><userinput remap="install">setcap cap_net_raw=ep /bin/ping
setcap cap_net_raw=ep /bin/ping6</userinput></screen>
<screen><userinput remap="install">chmod -v -s /bin/ping
setcap -v cap_net_raw=ep /bin/ping
chmod -v -s /bin/ping6
setcap -v cap_net_raw=ep /bin/ping6</userinput></screen>
 
</sect2>
 
/trunk/hlfs/chapter06/shadow.xml
104,24 → 104,26
 
<screen><userinput remap="install">mv -v /usr/bin/passwd /bin</userinput></screen>
 
<!--
<para>Utilisez les possibilités Linux Capabilities plutôt que suid&nbsp;:</para>
<screen><userinput remap="install">chmod -v -s /usr/bin/chage
setcap CAP_DAC_READ_SEARCH=ep /usr/bin/chage
setcap -v CAP_DAC_READ_SEARCH=ep /usr/bin/chage
chmod -v -s /usr/bin/chsh
setcap CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
setcap -v CAP_CHOWN,CAP_SETUID=ep /usr/bin/chsh
chmod -v -s /usr/bin/newgrp
setcap CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
setcap -v CAP_DAC_READ_SEARCH,CAP_SETGID=ep /usr/bin/newgrp
chmod -v -s /usr/bin/chfn
setcap CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
setcap -v CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_SETUID=ep /usr/bin/chfn
chmod -v -s /usr/bin/gpasswd
setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
setcap -v CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /usr/bin/gpasswd
chmod -v -s /usr/bin/expiry
setcap CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
setcap -v CAP_DAC_READ_SEARCH=ep /usr/bin/expiry
chmod -v -s /bin/su
setcap CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
setcap -v CAP_DAC_READ_SEARCH,CAP_SETUID,CAP_SETGID=ep /bin/su
chmod -v -s /bin/passwd
setcap CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
setcap -v CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_SETUID=ep /bin/passwd</userinput></screen>
-->
 
<!-- <para>Déplacez les bibliothèques de Shadow dans des emplacements
plus appropriés&nbsp;:</para>
/trunk/hlfs/chapter06/util-linux-ng.xml
97,15 → 97,16
 
<screen><userinput>make install</userinput></screen>
 
<!--
<para>Utilisez les possibilités Linux Capabilities plutôt que suid (FIXME:
wall and write are suid too)&nbsp;:</para>
 
<screen><userinput remap="install">chmod -v -s /bin/mount
setcap CAP_SYS_ADMIN=ep /bin/mount
setcap -v CAP_SYS_ADMIN=ep /bin/mount
chmod -v -s /bin/umount
setcap CAP_SYS_ADMIN=ep /bin/umount
setcap -v CAP_SYS_ADMIN=ep /bin/umount
</userinput></screen>
 
-->
</sect2>
 
<sect2 id="contents-utillinux" role="content">
/trunk/hlfs/general.ent
1,5 → 1,5
<!ENTITY version "SVN-20110820">
<!ENTITY releasedate "20 août 2011">
<!ENTITY version "SVN-20110821">
<!ENTITY releasedate "21 août 2011">
<!ENTITY copyrightdate "1999-2011"><!-- jhalfs needs a literal dash, not &ndash; -->
<!ENTITY milestone "1.0">
<!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->