FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 03-29-2010, 06:59 PM
Jan Klepek
 
Default setuid binary for beep program

Hi,

I'm looking for a way how to correctly have beep program[1] with setuid
binary (I mean, what is correct process for this from maintainer point
of view? Or what should be done except change in spec file). I saw
http://fedoraproject.org/wiki/Privilege_escalation_policy
however, I have no idea what should I do that beep package will
implement it correctly.

Currently there is bug[2] which limits correct functionality of perl
module[3] only to root user.

[1] https://admin.fedoraproject.org/pkgdb/acls/name/beep
[2] https://bugzilla.redhat.com/show_bug.cgi?id=573801
[3] https://admin.fedoraproject.org/pkgdb/acls/name/perl-Audio-Beep

Thanks for help,
Jan Klepek

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-29-2010, 09:28 PM
Miloslav Trmač
 
Default setuid binary for beep program

Jan Klepek p*še v Po 29. 03. 2010 v 20:59 +0200:
> I'm looking for a way how to correctly have beep program[1] with setuid
> binary (I mean, what is correct process for this from maintainer point
> of view? Or what should be done except change in spec file). I saw
> http://fedoraproject.org/wiki/Privilege_escalation_policy
> however, I have no idea what should I do that beep package will
> implement it correctly.
I don't think the privilege escalation policy directly places any
restrictions on beeping; the 'behavior of the system "as a whole"'
clause can perhaps be interpreted as related.

I think it's undesirable to allow any remote user to annoy people who
are in the same room as the computer; on the other hand I'd personally
have nothing at all against allowing users logged in locally to beep as
they want. This would be easiest to implement using consolehelper, look
how the "eject" command does it.
Mirek

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-30-2010, 11:42 PM
Adam Williamson
 
Default setuid binary for beep program

On Mon, 2010-03-29 at 20:59 +0200, Jan Klepek wrote:
> Hi,
>
> I'm looking for a way how to correctly have beep program[1] with setuid
> binary (I mean, what is correct process for this from maintainer point
> of view? Or what should be done except change in spec file). I saw
> http://fedoraproject.org/wiki/Privilege_escalation_policy
> however, I have no idea what should I do that beep package will
> implement it correctly.

That policy is mostly a 'don't do privilege escalation for these things'
list. Since beep (afaik) doesn't do any of the things on that page, then
having beep be a setuid binary would not violate the policy.

There isn't really much procedure to follow here. You just have to
convince whoever owns the beep package that the binary should be setuid.
Then s/he would just make it so in the spec. However...

> Currently there is bug[2] which limits correct functionality of perl
> module[3] only to root user.
>
> [1] https://admin.fedoraproject.org/pkgdb/acls/name/beep
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=573801
> [3] https://admin.fedoraproject.org/pkgdb/acls/name/perl-Audio-Beep

It doesn't look from all that as if setting beep as setuid is
necessarily the best resolution. There must be a better way! Although
ultimately, whichever way you implement it, it comes down to whether we
want everyone to be able to play a beep on a system whenever they feel
like it.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 03:36 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org