https://bugzilla.redhat.com/show_bug.cgi?id=2350109 --- Comment #13 from Pramod V U <pramodvu1502@xxxxxxxxx> --- (In reply to Alexandre Detiste from comment #12) > > `chmod g+s` on `%{_bindir}/crontab` or `/usr/libexec/systemd-cron/crontab_setgid` ? Assuming only latter... > > Of course, the only purpose of the tiny helper is to reduce the attack > surface and have > as little code as possible setuid/setgid. > > A failure here would mean a possible privilège escalation; > that's what we want to avoid. > > The editor, where `crontab -e` is call, is never run as root, > that would be the most scary part. I need to in `%files` add `%attr(644, root, crontab) %dir /var/spool/cron`. Do I need to also add `%config(noreplace)`? -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2350109 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202350109%23c13 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
