setuid binary for beep program

Adam Williamson awilliam at redhat.com
Tue Mar 30 23:42:38 UTC 2010


On Mon, 2010-03-29 at 20:59 +0200, Jan Klepek wrote:
> Hi,
> 
> I'm looking for a way to correctly have the beep program[1] as a setuid
> binary (I mean, what is the correct process for this from a maintainer's
> point of view? Or what should be done besides a change in the spec file?).
> I saw http://fedoraproject.org/wiki/Privilege_escalation_policy
> however, I have no idea what I should do so that the beep package will
> implement it correctly.

That policy is mostly a 'don't do privilege escalation for these things'
list. Since beep (afaik) doesn't do any of the things on that page, then
having beep be a setuid binary would not violate the policy.

There isn't really much procedure to follow here. You just have to
convince whoever owns the beep package that the binary should be setuid.
Then s/he would just make it so in the spec. However...

> Currently there is a bug[2] which limits correct functionality of the perl
> module[3] to the root user only.
> 
> [1] https://admin.fedoraproject.org/pkgdb/acls/name/beep
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=573801
> [3] https://admin.fedoraproject.org/pkgdb/acls/name/perl-Audio-Beep

It doesn't look from all that as if setting beep as setuid is
necessarily the best resolution. There must be a better way! Although
ultimately, whichever way you implement it, it comes down to whether we
want everyone to be able to play a beep on a system whenever they feel
like it.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


