About zhcon setuid issue.
Josh Bressers
bressers at redhat.com
Tue Apr 3 11:55:03 UTC 2007
> The zhcon package was added to FC6 and FC7 extra recently. But there is
> a issue of it that we may need to notice.
>
> Because it need to access /dev/fb0 and so on, it need the setuid
> permission, so normal users can use it too. This bring the security
> risk. But for users' convenience, I didn't remove this setuid
> permission.
> It is still better don't install zhcon by default. Let's user install it
> manually.
>
> Maybe we can use ACL to controll this?
>
Shouldn't pam set the framebuffer owner to the current console user? When
I look at the /dev/fb0 permissions on my system I see this:
% ls -l /dev/fb0
crw------- 1 bress root 29, 0 Apr 3 07:53 /dev/fb0
There should be no need to give zhcon the setuid bit as I already have the
permissions I need.
--
JB
More information about the security
mailing list