Review Request 117125: start_kdeinit: Use capabilities instead of SUID
Hrvoje Senjan
hrvoje.senjan at gmail.com
Thu Mar 27 19:57:22 UTC 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/117125/
-----------------------------------------------------------
Review request for KDE Frameworks and David Faure.
Bugs: https://bugzilla.novell.com/show_bug.cgi?id=862953
https://bugs.kde.org/show_bug.cgi?id=https://bugzilla.novell.com/show_bug.cgi?id=862953
Repository: kinit
Description
-------
The issue came up on security review of kinit package (yes, same is valid for kdelibs4...)
SUSE security team is not happy with kdeinit being SUID helper, thus capabilities are utilized first (if available)
I've just tried to integrate the suggested patch (from the report) with the CMake bits
Diffs
-----
CMakeLists.txt 335ed08
cmake/COPYING-CMAKE-SCRIPTS PRE-CREATION
cmake/FindCap.cmake PRE-CREATION
src/config-kdeinit.h.cmake c89c713
src/start_kdeinit/CMakeLists.txt 6bfc496
src/start_kdeinit/start_kdeinit.c 3c733e7
Diff: https://git.reviewboard.kde.org/r/117125/diff/
Testing
-------
Built:
with setcap & libcap present - installed as advertised;
without one/both of them - the old procedure is in place (using SUID for the helper)
I am not sure how to test the OOM killer, fortunately it never kicked in kdelibs4 variant, so can't also say did it work as planned before...
Thanks,
Hrvoje Senjan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20140327/5b46b61b/attachment.html>
More information about the Kde-frameworks-devel
mailing list