https://bugzilla.novell.com/show_bug.cgi?id=792928
https://bugzilla.novell.com/show_bug.cgi?id=792928#c1
--- Comment #1 from Marcus Meissner 2012-12-05 14:46:58 UTC ---
[ 653s] e17.x86_64: W: permissions-file-setuid-bit /usr/lib64/enlightenment/utils/enlightenment_sys is packaged with setuid/setgid bits (04555)
[ 653s] e17.x86_64: W: permissions-file-setuid-bit /usr/lib64/enlightenment/utils/enlightenment_backlight is packaged with setuid/setgid bits (04555)
[ 653s] e17.x86_64: W: permissions-file-setuid-bit /usr/lib64/enlightenment/modules/cpufreq/linux-gnu-x86_64-0.17.0-alpha8/freqset is packaged with setuid/setgid bits (04555)
/usr/lib64/enlightenment/modules/cpufreq/linux-gnu-x86_64-0.17.0-alpha8/freqset:
- frequency setting for cpufreq ... Not like this.
We let the kernel do its thing regarding frequency setting usually.
(I do not think there is a DBUS service yet for this, but we did reject it
also for GNOME.)
So ... No.
- /usr/lib64/enlightenment/utils/enlightenment_backlight
Please use the DBUS services offered by freedesktop.org.UPower instead.
- /usr/lib64/enlightenment/utils/enlightenment_sys
A generic setuid root wrapper ...
Has (lots of) actions:
"mount" / "umount" / "eject"
Use DBUS service org.freedesktop.UDisks* instead like all other desktops.
They were explicitly made for this.
Alternatively use the "udisksctl" helper binary if you don't want to add full
dbus support.
"gdb": You cannot start a setuid root gdb safely, especially if you can
specify an output file you can just overwrite any file on the system. Also
.gdb_init and other related files to inject commands.
sysactions has:
action: halt /sbin/shutdown -h now
action: reboot /sbin/shutdown -r now
action: suspend /etc/acpi/sleep.sh force
action: hibernate /etc/acpi/hibernate.sh force
action: /bin/mount /bin/mount
action: /bin/umount /bin/umount
action: /usr/bin/eject /usr/bin/eject
action: gdb gdb
All those are implementable and implemented over DBUS services (upower,
udisks, systemd, ConsoleKit) and should be implemented as such.
It is interesting that src/bin/e_sys* implements what we have with PolicyKit,
ConsoleKit and DBUS again.
Please just adjust e17 to use freedesktop.org methods.
You could disable all setuid bits, remove the rpmlintrc and submit it already.
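
A defender-side check for the two inputs quoted in the comment above, added here as an example and not part of the original comment or of e17: it extracts the setuid files from wrapped rpmlint output and flags the action lines a reviewer should look at first. The function names, the `RISKY_TOOLS` set and the absolute-path check are assumptions of this example; the sample input is constructed from lines quoted in the comment.

```python
import re

# Constructed sample: rpmlint warnings wrapped across lines, as in the mail above.
SAMPLE_LOG = """\
[ 653s] e17.x86_64: W: permissions-file-setuid-bit
/usr/lib64/enlightenment/utils/enlightenment_sys is packaged with setuid/setgid
bits (04555)
[ 653s] e17.x86_64: W: permissions-file-setuid-bit
/usr/lib64/enlightenment/utils/enlightenment_backlight is packaged with
setuid/setgid bits (04555)
"""

# Constructed sample: three of the action lines quoted in the comment.
SAMPLE_ACTIONS = """\
action: halt /sbin/shutdown -h now
action: /bin/mount /bin/mount
action: gdb gdb
"""

WARN = re.compile(r"W: permissions-file-setuid-bit\s+(\S+) is packaged with "
                  r"setuid/setgid bits \((\d+)\)")

# Assumption of this example (not from the page): programs that can write
# arbitrary files or load user-controlled startup files when run as root.
RISKY_TOOLS = {"gdb"}

def setuid_files(log):
    """Return [(path, setuid, setgid)] from an rpmlint log, tolerating wrapped lines."""
    flat = " ".join(log.split())  # undo mail/terminal line wrapping
    out = []
    for path, mode in WARN.findall(flat):
        bits = int(mode, 8)  # rpmlint prints the mode in octal, e.g. 04555
        out.append((path, bool(bits & 0o4000), bool(bits & 0o2000)))
    return out

def audit_actions(text):
    """Return [(action, reason)] for action lines that need review first."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"\s*action:\s+(\S+)\s+(\S+)", line)
        if not m:
            continue
        name, exe = m.groups()
        if not exe.startswith("/"):
            findings.append((name, "command is not an absolute path"))
        if exe.rsplit("/", 1)[-1] in RISKY_TOOLS:
            findings.append((name, "debugger run with root privileges"))
    return findings
```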