http://bugzilla.novell.com/show_bug.cgi?id=567398 http://bugzilla.novell.com/show_bug.cgi?id=567398#c0 Summary: audit setgid binary in new tmux package for integration into Contrib Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: guido+opensuse.org@berhoerster.name QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6 I have packaged tmux and intend to get it integrated into Contrib. tmux creates its sockets under /tmp by default. There is a patch from Debian (included in Fedora as well) which creates the sockets under /var/run/tmux instead. In order for this to work, /var/run/tmux needs to be group owned by a special group tmux which is created by the package and the /usr/bin/tmux binary has to be setgid to this tmux group. The patch also includes privilege dropping as soon as possible. The alternative to having tmux setgid is having the sockets in user-owned directories under /tmp. The patch in question is here: https://build.opensuse.org/package/view_file?file=tmux-1.1-socket-in-var-run.patch&package=tmux&project=home%3Agberh%3AExtra The related code starts here: http://tmux.cvs.sourceforge.net/viewvc/tmux/tmux/tmux.c?revision=1.184&view=markup&pathrev=TMUX_1_1#l_259 The whole package can be found here: https://build.opensuse.org/package/show?package=tmux&project=home%3Agberh%3AExtra Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.