[opensuse-packaging] Contrib policy regarding setgid binaries
Hello, what is the policy regarding setgid binaries in Contrib? Does http://en.opensuse.org/Packaging/Security_Policies#Setuid_Binaries apply and do I need to get a review before I can submit a package containing a setgid binary to Contrib? Thanks, -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Thu, Dec 24, 2009 at 10:09:56AM +0000, Guido Berhoerster wrote:
Hello,
what is the policy regarding setgid binaries in Contrib? Does http://en.opensuse.org/Packaging/Security_Policies#Setuid_Binaries apply and do I need to get a review before I can submit a package containing a setgid binary to Contrib?
Yes, you do need to get a review. And you probably do not need a setgid bit. What is the package? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
* Marcus Meissner <meissner@suse.de> [2009-12-25 20:34]:
Yes, you do need to get a review.
OK, I'll file a bug then. Would including the information below suffice fo that?
And you probably do not need a setgid bit.
Well IMHO in this case it is justified. I have packaged tmux which creates its sockets under /tmp. There is a patch from Debian which is also included in Fedora and which creates the sockets under /var/run/tmux (which needs to be group owned by a special group tmux) instead. The patch also includes privilege dropping as soon as possible. The patch in question is here: https://build.opensuse.org/package/view_file?file=tmux-1.1-socket-in-var-run.patch&package=tmux&project=home%3Agberh%3AExtra The related code starts here: http://tmux.cvs.sourceforge.net/viewvc/tmux/tmux/tmux.c?revision=1.184&view=markup&pathrev=TMUX_1_1#l_259
What is the package?
https://build.opensuse.org/package/show?package=tmux&project=home%3Agberh%3AExtra -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
participants (2)
-
Guido Berhoerster -
Marcus Meissner