[Bug 442522] Review Request: audit-viewer - Audit event viewer
bugzilla at redhat.com
bugzilla at redhat.com
Fri Apr 18 21:48:02 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: audit-viewer - Audit event viewer
https://bugzilla.redhat.com/show_bug.cgi?id=442522
------- Additional Comments From mitr at redhat.com 2008-04-18 17:48 EST -------
(In reply to comment #3)
> 4.) rpmlint:
> audit-viewer.src: W: no-url-tag
Added, now that audit-viewer is at fedorahosted.org
> audit-viewer.x86_64: W: symlink-should-be-relative
> /usr/libexec/audit-viewer-server /usr/bin/consolehelper
> Absolute symlinks are problematic eg. when working with chroot environments.
There's really no way to use that symlink in a chroot anyway:
- There's no reason to use it to copy the consolehelper binary anywhere.
- If you use the symlink to run audit-viewer-server, then consolehelper
will access /etc/security/console.apps/audit-viewer-server, check users
from /etc/passwd and run /usr/libexec/audit-viewer-server-real; this will
all happen in the "top" root and it will happen the same whether the
running consolehelper is /usr/bin/consolehelper or
/chroot/usr/bin/consolehelper.
OTOH using an absolute symlink somewhat protect us in case %{libexecdir} was moved.
> Have you considered using PolicyKit instread of consolehelper?
Briefly. Right now the privileged part is userhelper and roughly 300 lines of
custom C code, and modifying the code to rely on libpolkit would probably not be
a security improvement (although the PolicyKit features are somewhat compelling).
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the package-review
mailing list