List: kde-frameworks-devel
Subject: Re: Review Request 117125: start_kdeinit: Use capabilities instead of SUID
From: "Commit Hook" <null () kde ! org>
Date: 2014-04-11 16:46:52
Message-ID: 20140411164652.29770.93400 () probe ! kde ! org
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/117125/#review55468
-----------------------------------------------------------
This review has been submitted with commit e898d13b430692e775060d49342181192e122fdf
by Hrvoje Senjan to branch master.
- Commit Hook
On April 7, 2014, 7:05 p.m., Hrvoje Senjan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/117125/
> -----------------------------------------------------------
>
> (Updated April 7, 2014, 7:05 p.m.)
>
>
> Review request for KDE Frameworks and David Faure.
>
>
> Bugs: https://bugzilla.novell.com/show_bug.cgi?id=862953
> https://bugs.kde.org/show_bug.cgi?id=https://bugzilla.novell.com/show_bug.cgi?id=862953
>
>
> Repository: kinit
>
>
> Description
> -------
>
> The issue came up on security review of kinit package (yes, same is valid for
> kdelibs4...). SUSE security team is not happy with kdeinit being SUID helper, thus
> capabilities are utilized first (if available). I've just tried to integrate the
> suggested patch (from the report) with the CMake bits.
>
> Diffs
> -----
>
> CMakeLists.txt 8bd43d8
> cmake/FindLibcap.cmake PRE-CREATION
> src/config-kdeinit.h.cmake c89c713
> src/start_kdeinit/CMakeLists.txt 6bfc496
> src/start_kdeinit/start_kdeinit.c 3c733e7
>
> Diff: https://git.reviewboard.kde.org/r/117125/diff/
>
>
> Testing
> -------
>
> Built:
> with setcap & libcap present - installed as advertised;
> without one/both of them - the old procedure is in place (using SUID for the
> helper)
> I am not sure how to test the OOM killer, fortunately it never kicked in kdelibs4
> variant, so can't also say did it work as planned before...
>
> Thanks,
>
> Hrvoje Senjan
>
>