[Fedora-i18n-bugs] [Bug 565710] New: %{_bindir}/fbterm is not working for normal users unless a setcap is done.

bugzilla at redhat.com bugzilla at redhat.com
Tue Feb 16 00:27:29 UTC 2010 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: %{_bindir}/fbterm is not working for normal users unless a setcap is done.

https://bugzilla.redhat.com/show_bug.cgi?id=565710

           Summary: %{_bindir}/fbterm is not working for normal users
                    unless a setcap is done.
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: low
         Component: fbterm
        AssignedTo: dchen at redhat.com
        ReportedBy: cchance at redhat.com
         QAContact: extras-qa at fedoraproject.org
                CC: dchen at redhat.com, fedora-i18n-bugs at redhat.com
   Estimated Hours: 0.0
    Classification: Fedora
    Target Release: ---


Description of problem:
ibus-fbterm is not working except a setcap is done as follows:

"sudo setcap cap_sys_tty_config+ep /path/to/fbterm"

I have added this in the %post of ibus-fbterm, but I thought changes in fbterm
pkg is more appropriate.

Version-Release number of selected component (if applicable):
fbterm-1.6-1.fc12.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. install fbterm
2. install ibus-fbterm
(http://kaio.fedorapeople.org/pkgs/ibus-fbterm-0.9.1-5.fc12.src.rpm However, it
has setcap in the %post already.
3. execute 'ibus-fbterm-launch'

Actual results:
ibus-fbterm complained about capability problems.

Expected results:
ibus-fbterm is started properly.

Additional info:
`man fbterm` has this section:

SECURITY NOTES
       FbTerm tries to change linux kernel key map table to setup shortcuts,
which  requires SYS_TTY_CONFIG  capability  from  kernel  version  2.6.15. It
means FbTerm should be a setuid 0 program to allow non-root users to use
shortcuts.  FbTerm  only  switches  to root  privilege  temporarily  when
changing key map table, we believe it’s pretty much free from security
problems.

       If you really don’t like this and not use VESA support, and have a linux
 kernel  with file system capabilities enabled, which allow user to give
binaries a subset of root’s powers without using setuid 0 (official kernel
2.6.27 includes it), you can  run  command "sudo setcap ’cap_sys_tty_config+ep’
/path/to/fbterm".

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the i18n-bugs mailing list