https://bugzilla.novell.com/show_bug.cgi?id=765948
https://bugzilla.novell.com/show_bug.cgi?id=765948#c22
--- Comment #22 from Sebastian Krahmer 2014-07-14 08:26:41 UTC ---
I think we need a different solution, mainly for two reasons:
1. For some weird reason, it links against too many libs to
be a trusted binary (ldd qemu-bridge-helper shows 56 libs!) whereas
a suid should only link against libc.
2. It is sending the /dev/net/tun descriptor to the user who can do
with it whatever he wants afterwards. That basically renders perms
of /dev/net/tun useless.
In particular 1) looks silly and I think thats maybe something
we should report upstream to get it fixed, as this helper
binary certainly doesnt need so many libs.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.