[Secure-testing-team] Bug#767087: beep: Linux Capabilities should be used instead of SUID root bit
Alessandro Selli
alessandroselli at linux.com
Tue Oct 28 11:13:25 UTC 2014
Package: beep
Version: 1.3-3+b1
Severity: normal
Tags: security
-- System Information:
Debian Release: 7.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14.22.luminol0 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages beep depends on:
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38+deb7u6
beep recommends no packages.
beep suggests no packages.
-- debconf information:
beep/suid_option: usable for all
Beep is installed SUID root in Debian Wheezy. This is unnecessary. In order to overcome tty ioctl issue, expecially when running in an Xterm, these capabilities should instead be set to the /usr/bin/beep executable:
CAP_DAC_OVERRIDE,CAP_SYS_TTY_CONFIG=ep
More information about the Secure-testing-team
mailing list