> On April 11, 2014, 4:46 p.m., Commit Hook wrote: > > This review has been submitted with commit > > e898d13b430692e775060d49342181192e122fdf by Hrvoje Senjan to branch master. > > Hrvoje Senjan wrote: > i've reverted the commit now. capabilities break LD_LIBRARY_PATH, so this > is a no-go. apologies for potentially caused troubles =(
hm, but we have worse situation with SUID (and LD_LIBRARY_PATH is also not propagated there). the process would terminate, as i wrote in diff2 changes. i wonder should OOM protection be removed entirely? at least with distribution side of things, it looks like we had it SUID on openSUSE; and from what i found, none of e.g. Arch, Fedora, Debian/Kubuntu, Gentoo has it this way... > I assume the same can be done with kcheckpass at some point too? missed this one. it would appear so, but i've just tried removing the sticky bits, and unlock works correctly (with KF5 based locker). so maybe not :) - Hrvoje ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/117125/#review55468 ----------------------------------------------------------- On April 11, 2014, 4:46 p.m., Hrvoje Senjan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/117125/ > ----------------------------------------------------------- > > (Updated April 11, 2014, 4:46 p.m.) > > > Review request for KDE Frameworks and David Faure. > > > Bugs: https://bugzilla.novell.com/show_bug.cgi?id=862953 > > https://bugs.kde.org/show_bug.cgi?id=https://bugzilla.novell.com/show_bug.cgi?id=862953 > > > Repository: kinit > > > Description > ------- > > The issue came up on security review of kinit package (yes, same is valid for > kdelibs4...) > SUSE security team is not happy with kdeinit being SUID helper, thus > capabilities are utilized first (if available) > I've just tried to integrate the suggested patch (from the report) with the > CMake bits > > > Diffs > ----- > > CMakeLists.txt 8bd43d8 > cmake/FindLibcap.cmake PRE-CREATION > src/config-kdeinit.h.cmake c89c713 > src/start_kdeinit/CMakeLists.txt 6bfc496 > src/start_kdeinit/start_kdeinit.c 3c733e7 > > Diff: https://git.reviewboard.kde.org/r/117125/diff/ > > > Testing > ------- > > Built: > with setcap & libcap present - installed as advertised; > without one/both of them - the old procedure is in place (using SUID for the > helper) > > I am not sure how to test the OOM killer, fortunately it never kicked in > kdelibs4 variant, so can't also say did it work as planned before... > > > Thanks, > > Hrvoje Senjan > >
_______________________________________________ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
