Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: jfbterm - Japanese Console for Linux Frame Buffer Device https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201170 ------- Additional Comments From mtasaka@xxxxxxxxxxxxxxxxxxx 2006-08-20 08:11 EST ------- Before fixing spec file: (In reply to comment #23) > Builds fine normally and rpmlint is clean. I am a tad concerned with this > snippet though and have asked for advice on it. There may be both a security and > SELinux implication with it. > > 8--> > %{__cat} > 60-jfbterm.perms <<EOF > # permission definitions > <console> 0660 /dev/tty0 0660 root > <console> 0600 /dev/console 0600 root > EOF > > %{__mkdir_p} -m 755 %{buildroot}%{_sysconfdir}/security/console.perms.d > %{__install} -m 644 60-jfbterm.perms \ > %{buildroot}%{_sysconfdir}/security/console.perms.d/ > <--8 > > > Very unsure > Security implications (detailed above) This application (/usr/bin/jfbterm) needs device access right for /dev/console and /dev/tty0. So usual compilation of jfbterm sets sticky bit on /usr/bin/jfbterm, with the permission 4755 like /usr/bin/kon (in kon2-0.3.9b-26.2.1 rpm) With stilly bit, installing 60-jfbterm.perms is not necessary. Note: kon cannot deal with frame buffer. Note: pam has /etc/security/console.perms.d/50-default.perms Original packager (Hideki Machida) and me concluded that it may be better that we use console.perms method than use sticky bit. What do you think of this? Umm. I don't know well about SELINUX.... > Are you installing fonts to %{_datadir}/fonts/%{name}? jfbterm requires some fonts (in install stage and on the "real use"), however, these fonts are actually the copies of fonts in other packages (in fonts-japanese, xorg-x11-fonts-XXXXX, and fonts-japanese) Would it be better that I use only the symlink against that fonts? Doing so requires a bit of trick on install stage. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review