On Wed, 2006-08-23 at 11:14 -0400, Josh Bressers wrote:
> > I have a package in review (BZ #203257 - jfbterm) which I have some
> > concerns about - namely the following=20
>
> That bugzilla # isn't right (I'm looking on bugzilla.redhat.com)
Maybe #201170.
> > 8-->
> > %{__cat} > 60-jfbterm.perms <<EOF
> > # permission definitions
> <console> 0660 /dev/tty0 0660 root
> > <console> 0600 /dev/console 0600 root
> > EOF
> >
> > %{__mkdir_p} -m 755 %{buildroot}%{_sysconfdir}/security/console.perms.d
> > %{__install} -m 644 60-jfbterm.perms \
> > %{buildroot}%{_sysconfdir}/security/console.perms.d/
> > <--8
> >
> > I'm not overly happy with this, but would appreciate some advice on it -
> > I'm not letting the package through due to this concern.
>
> I see no reason for this package to try adding redundant data to
> console.perms.d. The packager should be able to to just leave that out and
> have the package work perfectly. The permissions are already being set
> elsewhere.
Hmm. I don't see /dev/console or /dev/tty0 being assigned anything in
console.perms.d/50-default.perms in FC5. And when I'm logged in at a
console of my FC5 box, /dev/console is 0600 scop:root (scop == me),
but /dev/tty0 is 0660 root:root.
So the /dev/console part seems redundant indeed (with whatever sets it,
not 50-default.perms?), but the /dev/tty0 part does not seem so to me.
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
