[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-frameworks-devel
Subject:    Re: Review Request 117125: start_kdeinit: Use capabilities instead of SUID
From:       "Commit Hook" <null () kde ! org>
Date:       2014-04-11 16:46:52
Message-ID: 20140411164652.29770.93400 () probe ! kde ! org
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/117125/#review55468
-----------------------------------------------------------


This review has been submitted with commit e898d13b430692e775060d49342181192e122fdf \
by Hrvoje Senjan to branch master.

- Commit Hook


On April 7, 2014, 7:05 p.m., Hrvoje Senjan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/117125/
> -----------------------------------------------------------
> 
> (Updated April 7, 2014, 7:05 p.m.)
> 
> 
> Review request for KDE Frameworks and David Faure.
> 
> 
> Bugs: https://bugzilla.novell.com/show_bug.cgi?id=862953
> https://bugs.kde.org/show_bug.cgi?id=https://bugzilla.novell.com/show_bug.cgi?id=862953
>  
> 
> Repository: kinit
> 
> 
> Description
> -------
> 
> The issue came up on security review of kinit package (yes, same is valid for \
> kdelibs4...) SUSE security team is not happy with kdeinit being SUID helper, thus \
> capabilities are utilized first (if available) I've just tried to integrate the \
> suggested patch (from the report) with the CMake bits 
> 
> Diffs
> -----
> 
> CMakeLists.txt 8bd43d8 
> cmake/FindLibcap.cmake PRE-CREATION 
> src/config-kdeinit.h.cmake c89c713 
> src/start_kdeinit/CMakeLists.txt 6bfc496 
> src/start_kdeinit/start_kdeinit.c 3c733e7 
> 
> Diff: https://git.reviewboard.kde.org/r/117125/diff/
> 
> 
> Testing
> -------
> 
> Built:
> with setcap & libcap present - installed as advertised;
> without one/both of them - the old procedure is in place (using SUID for the \
> helper) 
> I am not sure how to test the OOM killer, fortunately it never kicked in kdelibs4 \
> variant, so can't also say did it work as planned before... 
> 
> Thanks,
> 
> Hrvoje Senjan
> 
> 


[Attachment #5 (text/html)]

<html>
 <body>
  <div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
   <table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 \
solid;">  <tr>
     <td>
      This is an automatically generated e-mail. To reply, visit:
      <a href="https://git.reviewboard.kde.org/r/117125/">https://git.reviewboard.kde.org/r/117125/</a>
  </td>
    </tr>
   </table>
   <br />





 <pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: \
-pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">This review has been \
submitted with commit e898d13b430692e775060d49342181192e122fdf by Hrvoje Senjan to \
branch master.</pre>  <br />









<p>- Commit Hook</p>


<br />
<p>On April 7th, 2014, 7:05 p.m. UTC, Hrvoje Senjan wrote:</p>








<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" \
style="background-image: \
url('https://git.reviewboard.kde.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); \
background-position: left top; background-repeat: repeat-x; border: 1px black \
solid;">  <tr>
  <td>

<div>Review request for KDE Frameworks and David Faure.</div>
<div>By Hrvoje Senjan.</div>


<p style="color: grey;"><i>Updated April 7, 2014, 7:05 p.m.</i></p>







<div style="margin-top: 1.5em;">
 <b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>


 <a href="https://bugs.kde.org/show_bug.cgi?id=https://bugzilla.novell.com/show_bug.cgi?id=862953">https://bugzilla.novell.com/show_bug.cgi?id=862953</a>



</div>



<div style="margin-top: 1.5em;">
 <b style="color: #575012; font-size: 10pt;">Repository: </b>
kinit
</div>


<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
 <table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" \
style="border: 1px solid #b8b5a0">  <tr>
  <td>
   <pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">The issue came up on security review of kinit package (yes, same is \
valid for kdelibs4...) SUSE security team is not happy with kdeinit being SUID \
helper, thus capabilities are utilized first (if available) I&#39;ve just tried to \
integrate the suggested patch (from the report) with the CMake bits</pre>  </td>
 </tr>
</table>


<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: \
1px solid #b8b5a0">  <tr>
  <td>
   <pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Built: with setcap &amp; libcap present - installed as advertised;
without one/both of them - the old procedure is in place (using SUID for the helper)

I am not sure how to test the OOM killer, fortunately it never kicked in kdelibs4 \
variant, so can&#39;t also say did it work as planned before...</pre>  </td>
 </tr>
</table>


<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">

 <li>CMakeLists.txt <span style="color: grey">(8bd43d8)</span></li>

 <li>cmake/FindLibcap.cmake <span style="color: grey">(PRE-CREATION)</span></li>

 <li>src/config-kdeinit.h.cmake <span style="color: grey">(c89c713)</span></li>

 <li>src/start_kdeinit/CMakeLists.txt <span style="color: grey">(6bfc496)</span></li>

 <li>src/start_kdeinit/start_kdeinit.c <span style="color: \
grey">(3c733e7)</span></li>

</ul>

<p><a href="https://git.reviewboard.kde.org/r/117125/diff/" style="margin-left: \
3em;">View Diff</a></p>







  </td>
 </tr>
</table>








  </div>
 </body>
</html>



_______________________________________________
Kde-frameworks-devel mailing list
Kde-frameworks-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-frameworks-devel


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic