https://bugzilla.redhat.com/show_bug.cgi?id=912816

Julio Merino <julio+redhat@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(julio+redhat@mero |
                   |h.net)                      |

--- Comment #7 from Julio Merino <julio+redhat@xxxxxxxxx> ---
Wow, sorry for the looooong delay in replying. I haven't been paying attention to either Kyua or Fedora for a long time for various personal reasons... and recently just got back to them.

Regarding the missing-call-to-setgroups-before-setuid warning: it's true that the code does not call setgroups, but this is not a real "problem". The code in the "tester" binaries implements logic to drop privileges for test cases that request it, but this is _NOT_ intended to be a security feature and is documented as such. (Mind you, it's the test that chooses to request lower privileges, not the user, so this really is not about security.)

Adding a call to setgroups() would only silence this specific warning but would do nothing to improve security.

I think this warning just needs to be ignored here.
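For readers unfamiliar with what the missing-call-to-setgroups-before-setuid warning checks for, here is an added example (not part of the message above and not Kyua's code) of a privilege drop that is meant as a security boundary, with the supplementary groups cleared before setuid() and the result verified. The names drop_privileges and retained_groups are hypothetical, and 65534 is assumed to be an unprivileged "nobody" id.

```c
/* Added example, not Kyua code; function names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Count supplementary groups other than the intended primary group. */
int retained_groups(const gid_t *groups, int n, gid_t primary)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != primary)
            extra++;
    return extra;
}

/* Permanently switch from root to uid/gid. Returns 0 on success, -1 on error. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t groups[256];
    int n;

    if (geteuid() != 0) {          /* this example requires euid 0 */
        errno = EPERM;
        return -1;
    }
    /* setuid() goes last: once root is gone the group calls would fail. */
    if (setgroups(1, &gid) != 0) return -1;   /* supplementary groups */
    if (setgid(gid) != 0) return -1;          /* real, effective, saved gid */
    if (setuid(uid) != 0) return -1;          /* real, effective, saved uid */

    /* Verify the resulting credentials instead of trusting return codes. */
    n = getgroups(256, groups);
    if (n < 0 || retained_groups(groups, n, gid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must be unreachable */
    return 0;
}

int main(void)
{
    /* Constructed sample: gid 1000 plus root's groups 0 and 10 left over. */
    gid_t leaked[] = { 1000, 0, 10 };
    printf("retained groups: %d\n", retained_groups(leaked, 3, 1000));
    if (drop_privileges(65534, 65534)) perror("drop_privileges");
    return 0;
}
```

The constructed `leaked` array models a process that called only setgid() and setuid(): it still holds the parent's supplementary groups, which is the condition the warning flags.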