<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/117125/">https://git.reviewboard.kde.org/r/117125/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On April 11th, 2014, 6:46 p.m. CEST, <b>Commit Hook</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">This review has been submitted with commit e898d13b430692e775060d49342181192e122fdf by Hrvoje Senjan to branch master.</pre>
</blockquote>
<p>On April 11th, 2014, 10:20 p.m. CEST, <b>Hrvoje Senjan</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">i've reverted the commit now. capabilities break LD_LIBRARY_PATH, so this is a no-go. apologies for potentially caused troubles =(</pre>
</blockquote>
<p>On April 15th, 2014, 2:08 a.m. CEST, <b>Hrvoje Senjan</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">hm, but we have a worse situation with SUID (and LD_LIBRARY_PATH is also not propagated there). the process would terminate, as i wrote in diff2 changes. i wonder should OOM protection be removed entirely? at least with distribution side of things, it looks like we had it SUID on openSUSE; and from what i found, none of e.g. Arch, Fedora, Debian/Kubuntu, Gentoo has it this way...
> I assume the same can be done with kcheckpass at some point too?
missed this one. it would appear so, but i've just tried removing the sticky bits, and unlock works correctly (with KF5 based locker). so maybe not :)</pre>
</blockquote>
<p>On May 29th, 2014, 1:44 p.m. CEST, <b>Alex Merry</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Actually, ArchLinux does have start_kdeinit setuid.</pre>
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">i see. i guessed wrongly then that other distros also need to adjust permissions by hand (as we do within .spec) in e.g. PKGBUILDs, debian/rules/install, etc.</pre>
<br />
<p>- Hrvoje</p>
<br />
<p>On May 15th, 2014, 11:12 p.m. CEST, Hrvoje Senjan wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://git.reviewboard.kde.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for KDE Frameworks, Andreas Hartmetz and David Faure.</div>
<div>By Hrvoje Senjan.</div>
<p style="color: grey;"><i>Updated May 15, 2014, 11:12 p.m.</i></p>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>
<a href="https://bugzilla.novell.com/show_bug.cgi?id=862953">https://bugzilla.novell.com/show_bug.cgi?id=862953</a>
</div>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
kinit
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">The issue came up on security review of kinit package (yes, same is valid for kdelibs4...)
SUSE security team is not happy with kdeinit being SUID helper, thus capabilities are utilized first (if available)
I've just tried to integrate the suggested patch (from the report) with the CMake bits</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Built:
with setcap & libcap present - installed as advertised;
without one/both of them - the old procedure is in place (using SUID for the helper)
I am not sure how to test the OOM killer, fortunately it never kicked in kdelibs4 variant, so can't also say did it work as planned before...</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>CMakeLists.txt <span style="color: grey">(8bd43d8)</span></li>
<li>cmake/FindLibcap.cmake <span style="color: grey">(PRE-CREATION)</span></li>
<li>src/config-kdeinit.h.cmake <span style="color: grey">(c89c713)</span></li>
<li>src/start_kdeinit/CMakeLists.txt <span style="color: grey">(6bfc496)</span></li>
<li>src/start_kdeinit/start_kdeinit.c <span style="color: grey">(3c733e7)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/117125/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
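<p>Added example (not part of the e-mail or of the kinit patch): a shell audit for the two install modes described under Testing, a setuid helper versus one carrying file capabilities. Either mode makes the dynamic loader run the helper in secure-execution mode, which is why LD_LIBRARY_PATH is dropped in both cases; the function names and the reliance on getcap from the libcap tools are choices made for this example.</p>
<pre>
```shell
#!/bin/sh
# Added example: report how a helper binary obtains privilege and whether
# the loader will ignore LD_LIBRARY_PATH for it. Paths come from the caller.

# Print one of: missing, setuid, setgid, filecaps, plain.
privilege_mode() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
        return 0
    fi
    if [ -u "$f" ]; then
        echo "setuid"
        return 0
    fi
    if [ -g "$f" ]; then
        echo "setgid"
        return 0
    fi
    # getcap prints a line only when the file carries capabilities.
    # Without the libcap tools installed, file capabilities go undetected.
    if command -v getcap >/dev/null 2>/dev/null; then
        caps=$(getcap "$f" 2>/dev/null)
        if [ -n "$caps" ]; then
            echo "filecaps"
            return 0
        fi
    fi
    echo "plain"
}

# Secure-execution mode applies when a set-ID binary changes the caller's
# IDs or when the file confers capabilities on an unprivileged caller.
ignores_ld_library_path() {
    case $(privilege_mode "$1") in
        setuid|setgid|filecaps) return 0 ;;
        *) return 1 ;;
    esac
}

audit_helper() {
    mode=$(privilege_mode "$1")
    if ignores_ld_library_path "$1"; then
        echo "$1: $mode (LD_LIBRARY_PATH ignored at exec)"
    else
        echo "$1: $mode (LD_LIBRARY_PATH honoured)"
    fi
}

for path in "$@"; do audit_helper "$path"; done
```
</pre>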
</div>
</body>
</html>