Bug 147306
Summary: | tpb is not udev-aware | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matthew Saltzman <mjs> |
Component: | tpb | Assignee: | Ville Skyttä <scop> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | petrosyan |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 0.6.3-2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-02-09 22:02:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matthew Saltzman
2005-02-06 22:44:58 UTC
Yep, known problem, unfixed because I don't quite like that way of "fixing" it nor have I come up with better ideas. nvram:root:root:0644 is not very good, because non-local users have no business reading nvram at least as far as tpb is concerned; a better default would be 0600 and console.perms modification to give the console user access to nvram. But console.perms is too inflexible, I'm not going to modify it on the fly from the package, and there's no console.perms.d :( (But a RFE to get one is Bugzilla'd). I would probably name the permissions.d snippet *-tpb.permissions or *-tpb-nvram.permissions to avoid possible (but unlikely) collisions with other packages. Thoughts? I agree with renaming the permissions file. I like *-tpb-nvram.permissions myself. How to decide what the digits should be? I see your point about the permissions, but I'd counter that (1) The permissions in the original package are the same, so the fix is no worse than doing nothing from a security viewpoint. (2) Is it really a security risk? (3) As it stands, the package doesn't work at all (after reboot), so users need to install some sort of fix themselves. I'd wager that for anyone who thinks they know what they are doing, this is the fix they would use. And anyone who doesn't is out of luck. Can we use this fix for now and do something smarter when console.perms gets fixed? Fixed in 0.6.3-2 as suggested, thanks. I chose 49 for the permissions.d digits. If you can think of a better way of handling the permissions, let me know. I'm not entirely comfortable with allowing everyone access to /dev/nvram as I don't know what might be available from there. But as you said, this update does not make things any worse than they used to be in the previous one. Oh, and the console.perms.d RFE is bug 135093. I get the following error: $ tpb Unable to open device /dev/nvram: Permission denied when I run tpb in FC4T3 with all the latest updates tpb-0.6.3-2 FC4t3 problem should be fixed in the upcoming 0.6.3-4. Next time, please open a new bug report for a new bug, or at least reopen the old one if you choose to report it in one; that makes it easier for people to track bug statuses. Thanks in advance. When is tpb-0.6.3-4 going to be released? According to the timestamps, it was pushed to the development repository last Friday. |