https://bugzilla.novell.com/show_bug.cgi?id=690202
https://bugzilla.novell.com/show_bug.cgi?id=690202#c0

Summary: review vte
Classification: openSUSE
Product: openSUSE 12.1
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: GNOME
AssignedTo: security-team@suse.de
ReportedBy: vuntz@novell.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

We need a review of vte, as we have those rpmlintrc rules:

addFilter(".*permissions-file-setuid-bit.*/usr/lib.*/libvte9/gnome-pty-helper")
addFilter(".*permissions-file-setuid-bit.*/usr/lib.*/libvte2.90/gnome-pty-helper")

(note that this is the same code, built against gtk2 and gtk3 in vte2 and vte source packages -- will be in GNOME:Factory in the next few minutes)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
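An added example (not from the bug report or the vte packages): a short Python check of which rpmlint diagnostics the two filters quoted above would hide. It assumes a filter hides a line when its regular expression is found anywhere in that line; the package names and sample lines are constructed, and /usr/lib/gnome-pty-helper stands for the location directly under /usr/lib that the thread discusses.

```python
import re

# The two filters quoted in the report, copied verbatim.
RPMLINTRC = r'''
addFilter(".*permissions-file-setuid-bit.*/usr/lib.*/libvte9/gnome-pty-helper")
addFilter(".*permissions-file-setuid-bit.*/usr/lib.*/libvte2.90/gnome-pty-helper")
'''

# Constructed rpmlint-style diagnostics; package names and wording are made up.
SAMPLE = [
    "libvte9.x86_64: E: permissions-file-setuid-bit /usr/lib64/libvte9/gnome-pty-helper",
    "libvte2_90.x86_64: E: permissions-file-setuid-bit /usr/lib64/libvte2.90/gnome-pty-helper",
    # Helper moved directly under /usr/lib, as discussed in the thread.
    "vte.x86_64: E: permissions-file-setuid-bit /usr/lib/gnome-pty-helper",
    # Unrelated package that happens to ship a file under a libvte9 directory.
    "other.x86_64: E: permissions-file-setuid-bit /usr/lib/other/libvte9/gnome-pty-helper",
    "vte.x86_64: W: no-manual-page-for-binary vte",
]

def load_filters(text):
    """Compile the pattern of every addFilter("...") line in an rpmlintrc."""
    return [re.compile(p) for p in re.findall(r'addFilter\("(.*)"\)', text)]

def suppressed(line, filters):
    """Assumption: a filter hides a line when its regex is found anywhere in it."""
    return any(f.search(line) for f in filters)

def visible_setuid_findings(lines, filters):
    """Setuid/setgid diagnostics that the filters do NOT hide."""
    return [l for l in lines
            if "permissions-file-setuid-bit" in l and not suppressed(l, filters)]

FILTERS = load_filters(RPMLINTRC)

if __name__ == "__main__":
    for line in SAMPLE:
        state = "filtered" if suppressed(line, FILTERS) else "reported"
        print(f"{state:8}  {line}")
```

The fourth sample line shows how broad the `/usr/lib.*/` wildcard is: any path that passes through a libvte9 directory below /usr/lib* is filtered, while a helper placed directly in /usr/lib is reported again.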
https://bugzilla.novell.com/show_bug.cgi?id=690202#c1
--- Comment #1 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=690202#c
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=690202#c2
--- Comment #2 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=690202#c3
Vincent Untz
> there's already /usr/lib/libvte9/gnome-pty-helper listed. Why do you need a second one? And why would anyone suddenly link that against gtk? If that's the case I'll remove the setgid bit and require re-audit.

I checked, and it doesn't link against gtk. The code didn't change either; we just packaged the binary twice because we need two vte (linked against gtk2 and gtk3).

I've reworked the packages to have only one gnome-pty-helper, and it now lives as %{_libexecdir}/gnome-pty-helper (so an update is still needed). See sr#68514.

(In reply to comment #2)
> btw, we have utempter. gnome-pty-helper shouldn't be needed at all.

That's really up to upstream vte developers...
https://bugzilla.novell.com/show_bug.cgi?id=690202#c4
--- Comment #4 from Ludwig Nussel
> (In reply to comment #1)
> > there's already /usr/lib/libvte9/gnome-pty-helper listed. Why do you need a second one? And why would anyone suddenly link that against gtk? If that's the case I'll remove the setgid bit and require re-audit.
> I checked, and it doesn't link against gtk. The code didn't change either; we just packaged the binary twice because we need two vte (linked against gtk2 and gtk3).
> I've reworked the packages to have only one gnome-pty-helper, and it now lives as %{_libexecdir}/gnome-pty-helper (so an update is still needed). See sr#68514.

That puts the binary directly in /usr/lib, doesn't it? Should be something like %_libexecdir/libvte/gnome-pty-helper

> (In reply to comment #2)
> > btw, we have utempter. gnome-pty-helper shouldn't be needed at all.
> That's really up to upstream vte developers...

o_O
https://bugzilla.novell.com/show_bug.cgi?id=690202#c5
--- Comment #5 from Vincent Untz
> (In reply to comment #3)
> > I've reworked the packages to have only one gnome-pty-helper, and it now lives as %{_libexecdir}/gnome-pty-helper (so an update is still needed). See sr#68514.
> That puts the binary directly in /usr/lib, doesn't it? Should be something like %_libexecdir/libvte/gnome-pty-helper

What is the issue with having the binary directly in /usr/lib? If we're not happy with that, then we should change the default value of %_libexecdir.
https://bugzilla.novell.com/show_bug.cgi?id=690202#c6
--- Comment #6 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=690202#c7
--- Comment #7 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=690202#c8
Ludwig Nussel