Review Request 117125: start_kdeinit: Use capabilities instead of SUID

Hrvoje Senjan hrvoje.senjan at gmail.com
Thu Mar 27 19:57:22 UTC 2014


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/117125/
-----------------------------------------------------------

Review request for KDE Frameworks and David Faure.


Bugs: https://bugzilla.novell.com/show_bug.cgi?id=862953
    https://bugs.kde.org/show_bug.cgi?id=https://bugzilla.novell.com/show_bug.cgi?id=862953


Repository: kinit


Description
-------

The issue came up on security review of kinit package (yes, same is valid for kdelibs4...)
SUSE security team is not happy with kdeinit being SUID helper, thus capabilities are utilized first (if available)
I've just tried to integrate the suggested patch (from the report) with the CMake bits


Diffs
-----

  CMakeLists.txt 335ed08 
  cmake/COPYING-CMAKE-SCRIPTS PRE-CREATION 
  cmake/FindCap.cmake PRE-CREATION 
  src/config-kdeinit.h.cmake c89c713 
  src/start_kdeinit/CMakeLists.txt 6bfc496 
  src/start_kdeinit/start_kdeinit.c 3c733e7 

Diff: https://git.reviewboard.kde.org/r/117125/diff/


Testing
-------

Built:
with setcap & libcap present - installed as advertised;
without one/both of them - the old procedure is in place (using SUID for the helper)

I am not sure how to test the OOM killer, fortunately it never kicked in kdelibs4 variant, so can't also say did it work as planned before...


Thanks,

Hrvoje Senjan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20140327/5b46b61b/attachment.html>


More information about the Kde-frameworks-devel mailing list