torsocks fails to wrap setcap binaries
the Linux 'capabilities' library for allowing non-root users to perform tasks which normally require elevated privileges.
at present the torsocks wrappers have checked for setuid and setgid flags on the binaries it executes and failed closed, throwing an error if this occurs, however there is currently no check to see if the binaries have capabilities applied.
in the case where they do, the LD_PRELOAD set by torsocks is stripped and the program will execute with no warning and without the torsocks wrapper.
as an example of this, the current 'ping' command on my Linux is setcap:
/usr/bin/ping = cap_net_raw+ep
$ torsocks ping -c 1 torproject.org
PING torproject.org (18.104.22.168) 56(84) bytes of data.
64 bytes from 22.214.171.124: icmp_seq=1 ttl=50 time=38.1 ms
the install script which does setcap || setuid here: https://projects.archlinux.org/svntogit/packages.git/tree/trunk/iputils.install?h=packages/iputils