Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: audit-viewer - Audit event viewer https://bugzilla.redhat.com/show_bug.cgi?id=442522 ------- Additional Comments From mitr@xxxxxxxxxx 2008-04-18 17:48 EST ------- (In reply to comment #3) > 4.) rpmlint: > audit-viewer.src: W: no-url-tag Added, now that audit-viewer is at fedorahosted.org > audit-viewer.x86_64: W: symlink-should-be-relative > /usr/libexec/audit-viewer-server /usr/bin/consolehelper > Absolute symlinks are problematic eg. when working with chroot environments. There's really no way to use that symlink in a chroot anyway: - There's no reason to use it to copy the consolehelper binary anywhere. - If you use the symlink to run audit-viewer-server, then consolehelper will access /etc/security/console.apps/audit-viewer-server, check users from /etc/passwd and run /usr/libexec/audit-viewer-server-real; this will all happen in the "top" root and it will happen the same whether the running consolehelper is /usr/bin/consolehelper or /chroot/usr/bin/consolehelper. OTOH using an absolute symlink somewhat protect us in case %{libexecdir} was moved. > Have you considered using PolicyKit instread of consolehelper? Briefly. Right now the privileged part is userhelper and roughly 300 lines of custom C code, and modifying the code to rely on libpolkit would probably not be a security improvement (although the PolicyKit features are somewhat compelling). -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review