Review Request 127341: Change the way SUID bits are managed
David Edmundson
david at davidedmundson.co.uk
Sun Mar 13 01:50:47 UTC 2016
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/127341/#review93465
-----------------------------------------------------------
Ship it!
>The `kcheckpass` binary only needs the SUID bit set when building
without PAM. If PAM is available, then there's no point in having a SUID
bit set in the first place. This is also how, e.g., Gentoo builds this
code anyway.
That reasoning isn't entirely true.
Now pam_unix includes a suid binary /usr/bin/unix_chkpwd which is doing what this is doing. Older versions (10 years ago) didn't, so at the time we needed this for PAM.
However, you're right we don't now.
- David Edmundson
On March 11, 2016, 2:46 p.m., Jan Kundrát wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/127341/
> -----------------------------------------------------------
>
> (Updated March 11, 2016, 2:46 p.m.)
>
>
> Review request for Plasma.
>
>
> Repository: kscreenlocker
>
>
> Description
> -------
>
> The `kcheckpass` binary only needs the SUID bit set when building
> without PAM. If PAM is available, then there's no point in having a SUID
> bit set in the first place. This is also how, e.g., Gentoo builds this
> code anyway.
>
> Also change the way how the SUID bits are managed. Turnes out that cmake
> has a feature for this, and I think that using this feature is better
> than attempting to call chown & chmod manually.
>
> I don't see a potential for regressions here. The `chown` was previously
> attempted as a poor man's UID detection, so if the build was running as
> non-root, it wasn't possible to add a proper SUID bit, anyway.
>
>
> Diffs
> -----
>
> kcheckpass/CMakeLists.txt c7803c96f62c38edf2016c9160b66213dad89949
>
> Diff: https://git.reviewboard.kde.org/r/127341/diff/
>
>
> Testing
> -------
>
> Builds both ways, and the results are as expected. With PAM, everything also works even without the suid bit -- and that's how Gentoo at least has been building this "for ages", AFAIK.
>
>
> Thanks,
>
> Jan Kundrát
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20160313/71ead309/attachment.html>
More information about the Plasma-devel
mailing list