> On April 11, 2014, 4:46 p.m., Commit Hook wrote:
> > This review has been submitted with commit 
> > e898d13b430692e775060d49342181192e122fdf by Hrvoje Senjan to branch master.
> 
> Hrvoje Senjan wrote:
>     i've reverted the commit now. capabilities break LD_LIBRARY_PATH, so this
>     is a no-go. apologies for potentially caused troubles =(
> 
> Hrvoje Senjan wrote:
>     hm, but we have worse situation with SUID (and LD_LIBRARY_PATH is also
>     not propagated there). the process would terminate, as i wrote in diff2
>     changes. i wonder should OOM protection be removed entirely? at least with
>     distribution side of things, it looks like we had it SUID on openSUSE; and
>     from what i found, none of e.g. Arch, Fedora, Debian/Kubuntu, Gentoo has it
>     this way...
>     
>     > I assume the same can be done with kcheckpass at some point too?
>     missed this one. it would appear so, but i've just tried removing the
>     sticky bits, and unlock works correctly (with KF5 based locker). so maybe
>     not :)

Actually, ArchLinux does have start_kdeinit setuid.


- Alex


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/117125/#review55468
-----------------------------------------------------------


On May 15, 2014, 9:12 p.m., Hrvoje Senjan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/117125/
> -----------------------------------------------------------
> 
> (Updated May 15, 2014, 9:12 p.m.)
> 
> 
> Review request for KDE Frameworks, Andreas Hartmetz and David Faure.
> 
> 
> Bugs: https://bugzilla.novell.com/show_bug.cgi?id=862953
> 
> 
> Repository: kinit
> 
> 
> Description
> -------
> 
> The issue came up on security review of kinit package (yes, same is valid for 
> kdelibs4...)
> SUSE security team is not happy with kdeinit being SUID helper, thus 
> capabilities are utilized first (if available)
> I've just tried to integrate the suggested patch (from the report) with the 
> CMake bits
> 
> 
> Diffs
> -----
> 
>   CMakeLists.txt 8bd43d8 
>   cmake/FindLibcap.cmake PRE-CREATION 
>   src/config-kdeinit.h.cmake c89c713 
>   src/start_kdeinit/CMakeLists.txt 6bfc496 
>   src/start_kdeinit/start_kdeinit.c 3c733e7 
> 
> Diff: https://git.reviewboard.kde.org/r/117125/diff/
> 
> 
> Testing
> -------
> 
> Built:
> with setcap & libcap present - installed as advertised;
> without one/both of them - the old procedure is in place (using SUID for the 
> helper)
> 
> I am not sure how to test the OOM killer, fortunately it never kicked in 
> kdelibs4 variant, so can't also say did it work as planned before...
> 
> 
> Thanks,
> 
> Hrvoje Senjan
> 
>

_______________________________________________
Kde-frameworks-devel mailing list
Kde-frameworks-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
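
Added example, not part of this thread or of kinit's code: the thread notes that LD_LIBRARY_PATH is lost both with file capabilities and with SUID. On Linux both put the process into secure-execution mode (AT_SECURE in the auxiliary vector), in which the dynamic loader ignores LD_LIBRARY_PATH. The helper names below are hypothetical; Linux with glibc or musl is assumed.

```c
/* Added example: report whether this process was started in
 * secure-execution mode, and the likely reason. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/auxv.h>

enum secure_reason { NOT_SECURE, BY_SETUID, BY_SETGID, BY_CAPS_OR_LSM };

/* Hypothetical helper: classify why secure-execution mode is on.
 * at_secure is the AT_SECURE auxv value; the ids are real/effective. */
enum secure_reason classify_secure(unsigned long at_secure,
                                   uid_t ruid, uid_t euid,
                                   gid_t rgid, gid_t egid)
{
    if (!at_secure)
        return NOT_SECURE;
    if (ruid != euid)
        return BY_SETUID;
    if (rgid != egid)
        return BY_SETGID;
    /* IDs match but AT_SECURE is set: the binary conferred file
     * capabilities, or a security module requested secure mode. */
    return BY_CAPS_OR_LSM;
}

/* 1 if the dynamic loader honours LD_LIBRARY_PATH for this exec. */
int ld_library_path_honoured(enum secure_reason r)
{
    return r == NOT_SECURE;
}

int main(void)
{
    static const char *const names[] = {
        "not secure", "setuid", "setgid", "file capabilities or LSM"
    };
    enum secure_reason r = classify_secure(getauxval(AT_SECURE),
                                           getuid(), geteuid(),
                                           getgid(), getegid());
    printf("secure-execution mode: %s\n", names[r]);
    printf("LD_LIBRARY_PATH in environment: %s\n",
           getenv("LD_LIBRARY_PATH") ? "set" : "unset");
    printf("loader honours LD_LIBRARY_PATH: %s\n",
           ld_library_path_honoured(r) ? "yes" : "no");
    return 0;
}
```

Built normally it reports "not secure"; the same binary installed setuid, or given a file capability with setcap, reports the corresponding reason.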