[Bug 2244677] Review Request: mactelnet - MikroTik MAC-Telnet protocol tools

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2244677



--- Comment #3 from Yanko Kaneti <yaneti@xxxxxxxxxxx> ---
Thanks for looking into it.

(In reply to Tim Semeijn from comment #2)
> This is an unofficial review as I am not in the packager group yet.
> 
> > mactelnet.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/mactelnet
> 
> rpmlint error about not using setgroups or initgroups before calling setuid
> and setgid. This could be a security risk. Best would be to contact upstream
> to get this fixed.

The code in question is for dropping privileges, does setgid before setuid and
looks secure enough
https://github.com/haakonnessjoen/MAC-Telnet/blob/master/src/mactelnet.c#L133C2-L133C2


> Furthermore the Version and Release in your spec need some changes. You seem
> to be using a custom Version number not aligned with the latest release from
> upstream [1]. I would recommend using the upstream version.

Its not custom. There is no release or tag in 7 years but:
https://github.com/haakonnessjoen/MAC-Telnet/blob/master/configure.ac#L5


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
https://bugzilla.redhat.com/show_bug.cgi?id=2244677

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202244677%23c3
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux