Hu Zheng wrote:
The zhcon package was added to FC6 and FC7 extra recently. But there is
a issue of it that we may need to notice.
Because it need to access /dev/fb0 and so on, it need the setuid
permission, so normal users can use it too. This bring the security
risk. But for users' convenience, I didn't remove this setuid
permission.
It is still better don't install zhcon by default. Let's user install it
manually.
Maybe we can use ACL to controll this?
To me it looks like a perfect job for SElinux. But I might be wrong, I
am just learning...
--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
