https://bugzilla.novell.com/show_bug.cgi?id=765948 https://bugzilla.novell.com/show_bug.cgi?id=765948#c22 --- Comment #22 from Sebastian Krahmer <krahmer@suse.com> 2014-07-14 08:26:41 UTC --- I think we need a different solution, mainly for two reasons: 1. For some weird reason, it links against too many libs to be a trusted binary (ldd qemu-bridge-helper shows 56 libs!) whereas a suid should only link against libc. 2. It is sending the /dev/net/tun descriptor to the user who can do with it whatever he wants afterwards. That basically renders perms of /dev/net/tun useless. In particular 1) looks silly and I think thats maybe something we should report upstream to get it fixed, as this helper binary certainly doesnt need so many libs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.