The zhcon package was added to FC6 and FC7 extra recently. But there is a issue of it that we may need to notice. Because it need to access /dev/fb0 and so on, it need the setuid permission, so normal users can use it too. This bring the security risk. But for users' convenience, I didn't remove this setuid permission. It is still better don't install zhcon by default. Let's user install it manually. Maybe we can use ACL to controll this? -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
