About zhcon setuid issue.
Manuel Wolfshant
wolfy at nobugconsulting.ro
Tue Apr 3 08:14:59 UTC 2007
Hu Zheng wrote:
> The zhcon package was added to FC6 and FC7 extra recently. But there is
> a issue of it that we may need to notice.
>
> Because it need to access /dev/fb0 and so on, it need the setuid
> permission, so normal users can use it too. This bring the security
> risk. But for users' convenience, I didn't remove this setuid
> permission.
> It is still better don't install zhcon by default. Let's user install it
> manually.
>
> Maybe we can use ACL to controll this?
>
To me it looks like a perfect job for SElinux. But I might be wrong, I
am just learning...
More information about the Fedora-security-list
mailing list