Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: %{_bindir}/fbterm is not working for normal users unless a setcap is done.
https://bugzilla.redhat.com/show_bug.cgi?id=565710
Summary: %{_bindir}/fbterm is not working for normal users
unless a setcap is done.
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: fbterm
AssignedTo: dchen(a)redhat.com
ReportedBy: cchance(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: dchen(a)redhat.com, fedora-i18n-bugs(a)redhat.com
Estimated Hours: 0.0
Classification: Fedora
Target Release: ---
Description of problem:
ibus-fbterm is not working except a setcap is done as follows:
"sudo setcap cap_sys_tty_config+ep /path/to/fbterm"
I have added this in the %post of ibus-fbterm, but I thought changes in fbterm
pkg is more appropriate.
Version-Release number of selected component (if applicable):
fbterm-1.6-1.fc12.x86_64
How reproducible:
Always.
Steps to Reproduce:
1. install fbterm
2. install ibus-fbterm
(
http://kaio.fedorapeople.org/pkgs/ibus-fbterm-0.9.1-5.fc12.src.rpm However, it
has setcap in the %post already.
3. execute 'ibus-fbterm-launch'
Actual results:
ibus-fbterm complained about capability problems.
Expected results:
ibus-fbterm is started properly.
Additional info:
`man fbterm` has this section:
SECURITY NOTES
FbTerm tries to change linux kernel key map table to setup shortcuts,
which requires SYS_TTY_CONFIG capability from kernel version 2.6.15. It
means FbTerm should be a setuid 0 program to allow non-root users to use
shortcuts. FbTerm only switches to root privilege temporarily when
changing key map table, we believe it’s pretty much free from security
problems.
If you really don’t like this and not use VESA support, and have a linux
kernel with file system capabilities enabled, which allow user to give
binaries a subset of root’s powers without using setuid 0 (official kernel
2.6.27 includes it), you can run command "sudo setcap ’cap_sys_tty_config+ep’
/path/to/fbterm".
--
Configure bugmail:
https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.