https://bugzilla.redhat.com/show_bug.cgi?id=1462472 Bug ID: 1462472 Summary: Review Request: qotd - A simple and lightweight Quote of the Day daemon Product: Fedora Version: rawhide Component: Package Review Severity: medium Priority: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: rosser.bjr@xxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: package-review@xxxxxxxxxxxxxxxxxxxxxxx Spec URL: https://tc01.fedorapeople.org/qotd/qotd.spec SRPM URL: https://tc01.fedorapeople.org/qotd/qotd-0.11.0-1.fc25.src.rpm Description: QOTD (quote of the day) is specified in RFC 865 as a way of broadcasting a quote to users. On both TCP and UDP, port 17 is officially reserved for this purpose. This program is meant to provide a simple QOTD daemon on IPv4 and IPv6 over TCP/IP. Fedora Account System Username: tc01 There is only one rpmlint message: $ rpmlint -i ../RPMS/x86_64/qotd-0.11.0-1.fc25.x86_64.rpm qotd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/qotdd This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. I've filed a ticket upstream about this here: https://github.com/ammongit/qotd/issues/11. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
