https://bugzilla.redhat.com/show_bug.cgi?id=2244677



--- Comment #3 from Yanko Kaneti <[email protected]> ---
Thanks for looking into it.

(In reply to Tim Semeijn from comment #2)
> This is an unofficial review as I am not in the packager group yet.
> 
> > mactelnet.x86_64: E: missing-call-to-setgroups-before-setuid 
> > /usr/bin/mactelnet
> 
> rpmlint error about not using setgroups or initgroups before calling setuid
> and setgid. This could be a security risk. Best would be to contact upstream
> to get this fixed.

The code in question is for dropping privileges, does setgid before setuid and
looks secure enough
https://github.com/haakonnessjoen/MAC-Telnet/blob/master/src/mactelnet.c#L133C2-L133C2


> Furthermore the Version and Release in your spec need some changes. You seem
> to be using a custom Version number not aligned with the latest release from
> upstream [1]. I would recommend using the upstream version.

It's not custom. There is no release or tag in 7 years but:
https://github.com/haakonnessjoen/MAC-Telnet/blob/master/configure.ac#L5


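The call order that the rpmlint check named above refers to, as an added example that is not MAC-Telnet's code and not part of this thread: supplementary groups are reset with `setgroups()` before `setgid()` and `setuid()`, and the result is verified afterwards. The function names `only_group` and `drop_privileges` and the id 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE               /* exposes setgroups() in glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Return 1 if every entry of a supplementary group list equals gid. */
static int only_group(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] != gid)
            return 0;
    return 1;
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure;
 * the caller must treat -1 as fatal instead of continuing as root. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t groups[64];

    if (uid == 0)                      /* switching to root is not a drop */
        return -1;
    /* 1. Replace inherited supplementary groups while still privileged.
     * 2. Group before user: after setuid() the gid can no longer change.
     * 3. As root, setuid() sets the real, effective and saved uid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 4. Verify: ids match, no stray groups, root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    int n = getgroups(64, groups);
    if (n < 0 || !only_group(groups, n, gid))
        return -1;
    return setuid(0) == 0 ? -1 : 0;
}

int main(void)
{
    /* 65534 is a constructed example id (often "nobody"); run as root. */
    if (drop_privileges(65534, 65534) != 0) {
        fputs("privilege drop failed, exiting\n", stderr);
        return 1;
    }
    puts("privileges dropped");
    return 0;
}
```

Without step 1 the process keeps every supplementary group it inherited from the root session, which `setgid()` and `setuid()` do not touch.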