On 26.10.2007 10:44, Martin Stransky (stransky) wrote: > Author: stransky Martin, please don't take the mail as offense. Your commit just reminded me of something I wanted to bring up. > Update of /cvs/pkgs/rpms/nspluginwrapper/F-8 > In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21292 > Modified Files: > nspluginwrapper.spec > Added Files: > plugin-config-setuid.patch > Log Message: > * Fri Oct 26 2007 Martin Stransky <stransky@xxxxxxxxxx> 0.9.91.5-10 > - mozilla-plugin-config can be run by normal user now > > plugin-config-setuid.patch: > > --- NEW FILE plugin-config-setuid.patch --- > --- mozilla/plugin-config-1.6/src/Makefile.in.old 2007-07-24 13:28:56.000000000 +0200 > +++ mozilla/plugin-config-1.6/src/Makefile.in 2007-07-24 13:47:24.000000000 +0200 > @@ -44,7 +44,7 @@ mkinstalldirs = $(install_sh) -d > CONFIG_HEADER = $(top_builddir)/config.h > CONFIG_CLEAN_FILES = > am__installdirs = "$(DESTDIR)$(bindir)" > -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) > +binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -m 4755 > PROGRAMS = $(bin_PROGRAMS) > am_mozilla_plugin_config_OBJECTS = plugin-config.$(OBJEXT) \ > plugin-detection.$(OBJEXT) plugin-dir.$(OBJEXT) We should try to avoid to much bureaucracy, but well, I feel a bit uncomfortable with to many SUID apps in Fedora. Should we track them somehow (a script that looks at the repo could likely create such a list) and review the list now and then? Or put at least a little hurdle between SUID bits and the Fedora-repo with a "SUID apps must be reviewed/permitted by FOO" rule or something like that? Just wondering. CU knurd -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
