https://bugzilla.redhat.com/show_bug.cgi?id=1462472
Bug ID: 1462472
Summary: Review Request: qotd - A simple and lightweight Quote
of the Day daemon
Product: Fedora
Version: rawhide
Component: Package Review
Severity: medium
Priority: medium
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Spec URL: https://tc01.fedorapeople.org/qotd/qotd.spec
SRPM URL: https://tc01.fedorapeople.org/qotd/qotd-0.11.0-1.fc25.src.rpm
Description: QOTD (quote of the day) is specified in RFC 865 as a way of
broadcasting a quote to users. On both TCP and UDP, port 17 is officially
reserved for this purpose. This program is meant to provide a simple QOTD
daemon on IPv4 and IPv6 over TCP/IP.
Fedora Account System Username: tc01
There is only one rpmlint message:
$ rpmlint -i ../RPMS/x86_64/qotd-0.11.0-1.fc25.x86_64.rpm
qotd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/qotdd
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and
this would be a potential security issue to be fixed. Seek POS36-C on the web
for details about the problem.
I've filed a ticket upstream about this here:
https://github.com/ammongit/qotd/issues/11.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- [email protected]
To unsubscribe send an email to [email protected]
