Yes, I will try to learn selinux and create a patch for zhcon and selinux :) Thanks for your idea :) 在 2007-04-03二的 11:14 +0300,Manuel Wolfshant写道: > Hu Zheng wrote: > > The zhcon package was added to FC6 and FC7 extra recently. But there is > > a issue of it that we may need to notice. > > > > Because it need to access /dev/fb0 and so on, it need the setuid > > permission, so normal users can use it too. This bring the security > > risk. But for users' convenience, I didn't remove this setuid > > permission. > > It is still better don't install zhcon by default. Let's user install it > > manually. > > > > Maybe we can use ACL to controll this? > > > To me it looks like a perfect job for SElinux. But I might be wrong, I > am just learning... -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
