About zhcon setuid issue.
Hu Zheng
zhu at redhat.com
Tue Apr 3 08:34:12 UTC 2007
Yes, I will try to learn selinux and create a patch for zhcon and
selinux :)
Thanks for your idea :)
在 2007-04-03二的 11:14 +0300,Manuel Wolfshant写道:
> Hu Zheng wrote:
> > The zhcon package was added to FC6 and FC7 extra recently. But there is
> > a issue of it that we may need to notice.
> >
> > Because it need to access /dev/fb0 and so on, it need the setuid
> > permission, so normal users can use it too. This bring the security
> > risk. But for users' convenience, I didn't remove this setuid
> > permission.
> > It is still better don't install zhcon by default. Let's user install it
> > manually.
> >
> > Maybe we can use ACL to controll this?
> >
> To me it looks like a perfect job for SElinux. But I might be wrong, I
> am just learning...
More information about the Fedora-security-list
mailing list